From 0bf424496ff707551a96e09d08d43fa6415d14c9 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 4 Jul 2015 15:27:04 +0000 Subject: Validate input of pw usermod -h and pwusermod -H Push the code that set the password into a separate function to improve readability Add regression tests about pw usermod -h and pw usermod -H --- pw/pw_user.c | 123 ++++++++++++++++++++++++++++++----------------------------- 1 file changed, 63 insertions(+), 60 deletions(-) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index c3b2751..f1dbadc 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -86,6 +86,67 @@ create_and_populate_homedir(int mode, struct passwd *pwd) pwd->pw_uid, pwd->pw_dir); } +static int +set_passwd(struct passwd *pwd, struct carg *arg, bool update) +{ + int b, istty; + struct termios t, n; + login_cap_t *lc; + char line[_PASSWORD_LEN+1]; + char *p; + + if (conf.fd == '-') { + if (!pwd->pw_passwd || *pwd->pw_passwd != '*') { + pwd->pw_passwd = "*"; /* No access */ + return (1); + } + return (0); + } + + if ((istty = isatty(conf.fd))) { + if (tcgetattr(conf.fd, &t) == -1) + istty = 0; + else { + n.c_lflag &= ~(ECHO); + tcsetattr(conf.fd, TCSANOW, &n); + printf("%s%spassword for user %s:", + update ? "new " : "", + conf.precrypted ? "encrypted " : "", + pwd->pw_name); + fflush(stdout); + } + } + b = read(conf.fd, line, sizeof(line) - 1); + if (istty) { /* Restore state */ + tcsetattr(conf.fd, TCSANOW, &t); + fputc('\n', stdout); + fflush(stdout); + } + + if (b < 0) + err(EX_IOERR, "-%c file descriptor", + conf.precrypted ? 'H' : 'h'); + line[b] = '\0'; + if ((p = strpbrk(line, "\r\n")) != NULL) + *p = '\0'; + if (!*line) + errx(EX_DATAERR, "empty password read on file descriptor %d", + conf.fd); + if (conf.precrypted) { + if (strchr(line, ':') != NULL) + return EX_DATAERR; + pwd->pw_passwd = line; + } else { + lc = login_getpwclass(pwd); + if (lc == NULL || + login_setcryptfmt(lc, "sha512", NULL) == NULL) + warn("setting crypt(3) format"); + login_close(lc); + pwd->pw_passwd = pw_pwcrypt(line); + } + return (1); +} + /*- * -C config configuration file * -q quiet operation @@ -529,66 +590,8 @@ pw_user(int mode, char *name, long id, struct cargs * args) } } - if ((arg = getarg(args, 'h')) != NULL || - (arg = getarg(args, 'H')) != NULL) { - if (strcmp(arg->val, "-") == 0) { - if (!pwd->pw_passwd || *pwd->pw_passwd != '*') { - pwd->pw_passwd = "*"; /* No access */ - edited = 1; - } - } else { - int fd = atoi(arg->val); - int precrypt = (arg->ch == 'H'); - int b; - int istty = isatty(fd); - struct termios t; - login_cap_t *lc; - - if (istty) { - if (tcgetattr(fd, &t) == -1) - istty = 0; - else { - struct termios n = t; - - /* Disable echo */ - n.c_lflag &= ~(ECHO); - tcsetattr(fd, TCSANOW, &n); - printf("%s%spassword for user %s:", - (mode == M_UPDATE) ? "new " : "", - precrypt ? "encrypted " : "", - pwd->pw_name); - fflush(stdout); - } - } - b = read(fd, line, sizeof(line) - 1); - if (istty) { /* Restore state */ - tcsetattr(fd, TCSANOW, &t); - fputc('\n', stdout); - fflush(stdout); - } - if (b < 0) - err(EX_IOERR, "-%c file descriptor", - precrypt ? 'H' : 'h'); - line[b] = '\0'; - if ((p = strpbrk(line, "\r\n")) != NULL) - *p = '\0'; - if (!*line) - errx(EX_DATAERR, "empty password read on file descriptor %d", fd); - if (precrypt) { - if (strchr(line, ':') != NULL) - return EX_DATAERR; - pwd->pw_passwd = line; - } else { - lc = login_getpwclass(pwd); - if (lc == NULL || - login_setcryptfmt(lc, "sha512", NULL) == NULL) - warn("setting crypt(3) format"); - login_close(lc); - pwd->pw_passwd = pw_pwcrypt(line); - } - edited = 1; - } - } + if (conf.fd != -1) + edited = set_passwd(pwd, arg, mode == M_UPDATE); /* * Special case: -N only displays & exits -- cgit v1.2.3 From 78b3b8ddb79f739e2e5a1caa74dcc4e3bf453de2 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 4 Jul 2015 15:56:59 +0000 Subject: Fix validation of crypted password Small cleanups --- pw/pw_user.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index f1dbadc..e123786 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -87,7 +87,7 @@ create_and_populate_homedir(int mode, struct passwd *pwd) } static int -set_passwd(struct passwd *pwd, struct carg *arg, bool update) +set_passwd(struct passwd *pwd, bool update) { int b, istty; struct termios t, n; @@ -107,6 +107,7 @@ set_passwd(struct passwd *pwd, struct carg *arg, bool update) if (tcgetattr(conf.fd, &t) == -1) istty = 0; else { + n = t; n.c_lflag &= ~(ECHO); tcsetattr(conf.fd, TCSANOW, &n); printf("%s%spassword for user %s:", @@ -134,7 +135,7 @@ set_passwd(struct passwd *pwd, struct carg *arg, bool update) conf.fd); if (conf.precrypted) { if (strchr(line, ':') != NULL) - return EX_DATAERR; + errx(EX_DATAERR, "bad encrypted password"); pwd->pw_passwd = line; } else { lc = login_getpwclass(pwd); @@ -531,8 +532,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) warnx("WARNING: home `%s' is not a directory", pwd->pw_dir); } - if ((arg = getarg(args, 'w')) != NULL && - getarg(args, 'h') == NULL && getarg(args, 'H') == NULL) { + if ((arg = getarg(args, 'w')) != NULL && conf.fd == -1) { login_cap_t *lc; lc = login_getpwclass(pwd); @@ -591,7 +591,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) } if (conf.fd != -1) - edited = set_passwd(pwd, arg, mode == M_UPDATE); + edited = set_passwd(pwd, mode == M_UPDATE); /* * Special case: -N only displays & exits @@ -1004,8 +1004,7 @@ pw_password(struct userconf * cnf, struct cargs * args, char const * user) /* * We give this information back to the user */ - if (getarg(args, 'h') == NULL && getarg(args, 'H') == NULL && - !conf.dryrun) { + if (conf.fd == -1 && !conf.dryrun) { if (isatty(STDOUT_FILENO)) printf("Password for '%s' is: ", user); printf("%s\n", pwbuf); -- cgit v1.2.3 From bc539790827cbc69585a6ec393f04705e5825eff Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 11 Jul 2015 16:58:47 +0000 Subject: Separate usernext/groupnext from the main functions --- pw/pw_user.c | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index e123786..298aeab 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -148,6 +148,20 @@ set_passwd(struct passwd *pwd, bool update) return (1); } +int +pw_usernext(struct userconf *cnf, bool quiet) +{ + uid_t next = pw_uidpolicy(cnf, -1); + + if (quiet) + return (next); + + printf("%u:", next); + pw_groupnext(cnf, quiet); + + return (EXIT_SUCCESS); +} + /*- * -C config configuration file * -q quiet operation @@ -216,19 +230,8 @@ pw_user(int mode, char *name, long id, struct cargs * args) cnf = conf.userconf; - /* - * With M_NEXT, we only need to return the - * next uid to stdout - */ if (mode == M_NEXT) - { - uid_t next = pw_uidpolicy(cnf, id); - if (getarg(args, 'q')) - return next; - printf("%u:", next); - pw_group(mode, name, -1, args); - return EXIT_SUCCESS; - } + return (pw_usernext(cnf, getarg(args, 'q') != NULL)); /* * We can do all of the common legwork here @@ -845,11 +848,8 @@ pw_gidpolicy(struct cargs * args, char *nam, gid_t prefer) addarg(&grpargs, 'g', tmp); } if (conf.dryrun) { - addarg(&grpargs, 'q', NULL); - gid = pw_group(M_NEXT, nam, -1, &grpargs); - } - else - { + gid = pw_groupnext(cnf, true); + } else { pw_group(M_ADD, nam, -1, &grpargs); if ((grp = GETGRNAM(nam)) != NULL) gid = grp->gr_gid; -- cgit v1.2.3 From ecf012ac29ba3e82e8b5e497ee1b80629ae5624f Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 11 Jul 2015 17:01:08 +0000 Subject: Move the quiet flag into the configuration structure --- pw/pw_user.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index 298aeab..dc9827a 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -231,7 +231,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) cnf = conf.userconf; if (mode == M_NEXT) - return (pw_usernext(cnf, getarg(args, 'q') != NULL)); + return (pw_usernext(cnf, conf.quiet)); /* * We can do all of the common legwork here -- cgit v1.2.3 From cc424f0d3468b75718e420a691cb5e3b238804b6 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 11 Jul 2015 18:09:27 +0000 Subject: Make separate functions to show users and groups --- pw/pw_user.c | 52 +++++++++++++++++++++++++++++++++++----------------- 1 file changed, 35 insertions(+), 17 deletions(-) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index dc9827a..153bc43 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -162,6 +162,36 @@ pw_usernext(struct userconf *cnf, bool quiet) return (EXIT_SUCCESS); } +static int +pw_usershow(char *name, long id, struct passwd *fakeuser) +{ + struct passwd *pwd = NULL; + + if (id < 0 && name == NULL && !conf.all) + errx(EX_DATAERR, "username or id or '-a' required"); + + if (conf.all) { + SETPWENT(); + while ((pwd = GETPWENT()) != NULL) + print_user(pwd); + ENDPWENT(); + return (EXIT_SUCCESS); + } + + pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id); + if (pwd == NULL) { + if (conf.force) { + pwd = fakeuser; + } else { + if (name == NULL) + errx(EX_NOUSER, "no such uid `%ld'", id); + errx(EX_NOUSER, "no such user `%s'", name); + } + } + + return (print_user(pwd)); +} + /*- * -C config configuration file * -q quiet operation @@ -213,7 +243,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) static struct passwd fakeuser = { - NULL, + "nouser", "*", -1, -1, @@ -233,6 +263,9 @@ pw_user(int mode, char *name, long id, struct cargs * args) if (mode == M_NEXT) return (pw_usernext(cnf, conf.quiet)); + if (mode == M_PRINT) + return (pw_usershow(name, id, &fakeuser)); + /* * We can do all of the common legwork here */ @@ -377,14 +410,6 @@ pw_user(int mode, char *name, long id, struct cargs * args) err(EX_IOERR, "config udpate"); } - if (mode == M_PRINT && getarg(args, 'a')) { - SETPWENT(); - while ((pwd = GETPWENT()) != NULL) - print_user(pwd); - ENDPWENT(); - return EXIT_SUCCESS; - } - if (name != NULL) pwd = GETPWNAM(pw_checkname(name, 0)); @@ -395,17 +420,12 @@ pw_user(int mode, char *name, long id, struct cargs * args) * Update, delete & print require that the user exists */ if (mode == M_UPDATE || mode == M_DELETE || - mode == M_PRINT || mode == M_LOCK || mode == M_UNLOCK) { + mode == M_LOCK || mode == M_UNLOCK) { if (name == NULL && pwd == NULL) /* Try harder */ pwd = GETPWUID(id); if (pwd == NULL) { - if (mode == M_PRINT && getarg(args, 'F')) { - fakeuser.pw_name = name ? name : "nouser"; - fakeuser.pw_uid = (uid_t) id; - return print_user(&fakeuser); - } if (name == NULL) errx(EX_NOUSER, "no such uid `%ld'", id); errx(EX_NOUSER, "no such user `%s'", name); @@ -440,8 +460,6 @@ pw_user(int mode, char *name, long id, struct cargs * args) } else if (mode == M_DELETE) return (delete_user(cnf, pwd, name, getarg(args, 'r') != NULL, mode)); - else if (mode == M_PRINT) - return print_user(pwd); /* * The rest is edit code -- cgit v1.2.3 From dc338df23912779d9d051efb40fdf73ad6289ea0 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 11 Jul 2015 19:07:47 +0000 Subject: Make a separate groupdel/userdel from the main function --- pw/pw_user.c | 48 +++++++++++++++++++++++++++++++----------------- 1 file changed, 31 insertions(+), 17 deletions(-) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index 153bc43..1c01d6a 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -51,8 +51,7 @@ static const char rcsid[] = static char locked_str[] = "*LOCKED*"; -static int delete_user(struct userconf *cnf, struct passwd *pwd, - char *name, int delete, int mode); +static int pw_userdel(char *name, long id); static int print_user(struct passwd * pwd); static uid_t pw_uidpolicy(struct userconf * cnf, long id); static uid_t pw_gidpolicy(struct cargs * args, char *nam, gid_t prefer); @@ -266,6 +265,9 @@ pw_user(int mode, char *name, long id, struct cargs * args) if (mode == M_PRINT) return (pw_usershow(name, id, &fakeuser)); + if (mode == M_DELETE) + return (pw_userdel(name, id)); + /* * We can do all of the common legwork here */ @@ -417,10 +419,9 @@ pw_user(int mode, char *name, long id, struct cargs * args) errx(EX_DATAERR, "user name or id required"); /* - * Update, delete & print require that the user exists + * Update require that the user exists */ - if (mode == M_UPDATE || mode == M_DELETE || - mode == M_LOCK || mode == M_UNLOCK) { + if (mode == M_UPDATE || mode == M_LOCK || mode == M_UNLOCK) { if (name == NULL && pwd == NULL) /* Try harder */ pwd = GETPWUID(id); @@ -457,9 +458,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) errx(EX_DATAERR, "user '%s' is not locked", pwd->pw_name); pwd->pw_passwd += sizeof(locked_str)-1; edited = 1; - } else if (mode == M_DELETE) - return (delete_user(cnf, pwd, name, - getarg(args, 'r') != NULL, mode)); + } /* * The rest is edit code @@ -1045,17 +1044,30 @@ pw_password(struct userconf * cnf, struct cargs * args, char const * user) } static int -delete_user(struct userconf *cnf, struct passwd *pwd, char *name, - int delete, int mode) +pw_userdel(char *name, long id) { + struct passwd *pwd = NULL; char file[MAXPATHLEN]; char home[MAXPATHLEN]; - uid_t uid = pwd->pw_uid; + uid_t uid; struct group *gr, *grp; char grname[LOGNAMESIZE]; int rc; struct stat st; + if (id < 0 && name == NULL) + errx(EX_DATAERR, "username or id required"); + + pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id); + if (pwd == NULL) { + if (name == NULL) + errx(EX_NOUSER, "no such uid `%ld'", id); + errx(EX_NOUSER, "no such user `%s'", name); + } + uid = pwd->pw_uid; + if (name == NULL) + name = pwd->pw_name; + if (strcmp(pwd->pw_name, "root") == 0) errx(EX_DATAERR, "cannot remove user 'root'"); @@ -1093,10 +1105,11 @@ delete_user(struct userconf *cnf, struct passwd *pwd, char *name, else if (rc != 0) err(EX_IOERR, "passwd update"); - if (cnf->nispasswd && *cnf->nispasswd=='/') { - rc = delnispwent(cnf->nispasswd, name); + if (conf.userconf->nispasswd && *conf.userconf->nispasswd=='/') { + rc = delnispwent(conf.userconf->nispasswd, name); if (rc == -1) - warnx("WARNING: user '%s' does not exist in NIS passwd", pwd->pw_name); + warnx("WARNING: user '%s' does not exist in NIS passwd", + pwd->pw_name); else if (rc != 0) warn("WARNING: NIS passwd update"); /* non-fatal */ @@ -1126,7 +1139,8 @@ delete_user(struct userconf *cnf, struct passwd *pwd, char *name, } ENDGRENT(); - pw_log(cnf, mode, W_USER, "%s(%u) account removed", name, uid); + pw_log(conf.userconf, M_DELETE, W_USER, "%s(%u) account removed", name, + uid); if (!PWALTDIR()) { /* @@ -1143,10 +1157,10 @@ delete_user(struct userconf *cnf, struct passwd *pwd, char *name, /* * Remove home directory and contents */ - if (delete && *home == '/' && getpwuid(uid) == NULL && + if (conf.deletehome && *home == '/' && getpwuid(uid) == NULL && stat(home, &st) != -1) { rm_r(home, uid); - pw_log(cnf, mode, W_USER, "%s(%u) home '%s' %sremoved", + pw_log(conf.userconf, M_DELETE, W_USER, "%s(%u) home '%s' %sremoved", name, uid, home, stat(home, &st) == -1 ? "" : "not completely "); } -- cgit v1.2.3 From 683b41dc1f073509df3f14d35d3e1541ae41498a Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 11 Jul 2015 19:14:09 +0000 Subject: homedir can only be populate during useradd --- pw/pw_user.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index 1c01d6a..a375b31 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -65,7 +65,7 @@ static void rmat(uid_t uid); static void rmopie(char const * name); static void -create_and_populate_homedir(int mode, struct passwd *pwd) +create_and_populate_homedir(struct passwd *pwd) { char *homedir, *dotdir; struct userconf *cnf = conf.userconf; @@ -81,7 +81,7 @@ create_and_populate_homedir(int mode, struct passwd *pwd) copymkdir(homedir ? homedir : pwd->pw_dir, dotdir ? dotdir: cnf->dotdir, cnf->homemode, pwd->pw_uid, pwd->pw_gid); - pw_log(cnf, mode, W_USER, "%s(%u) home %s made", pwd->pw_name, + pw_log(cnf, M_ADD, W_USER, "%s(%u) home %s made", pwd->pw_name, pwd->pw_uid, pwd->pw_dir); } @@ -735,7 +735,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) */ if (PWALTDIR() != PWF_ALT && getarg(args, 'm') != NULL && pwd->pw_dir && *pwd->pw_dir == '/' && pwd->pw_dir[1]) - create_and_populate_homedir(mode, pwd); + create_and_populate_homedir(pwd); /* * Finally, send mail to the new user as well, if we are asked to -- cgit v1.2.3 From 634a65911ad1db9a99207754a1f65de7083e3543 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 11 Jul 2015 20:10:12 +0000 Subject: Isolate pw lock/unlock into a separate function --- pw/pw_user.c | 122 ++++++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 78 insertions(+), 44 deletions(-) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index a375b31..b9d01a8 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -191,6 +191,78 @@ pw_usershow(char *name, long id, struct passwd *fakeuser) return (print_user(pwd)); } +static void +perform_chgpwent(const char *name, struct passwd *pwd) +{ + int rc; + + rc = chgpwent(name, pwd); + if (rc == -1) + errx(EX_IOERR, "user '%s' does not exist (NIS?)", pwd->pw_name); + else if (rc != 0) + err(EX_IOERR, "passwd file update"); + + if (conf.userconf->nispasswd && *conf.userconf->nispasswd == '/') { + rc = chgnispwent(conf.userconf->nispasswd, name, pwd); + if (rc == -1) + warn("User '%s' not found in NIS passwd", pwd->pw_name); + else + warn("NIS passwd update"); + /* NOTE: NIS-only update errors are not fatal */ + } +} + +/* + * The M_LOCK and M_UNLOCK functions simply add or remove + * a "*LOCKED*" prefix from in front of the password to + * prevent it decoding correctly, and therefore prevents + * access. Of course, this only prevents access via + * password authentication (not ssh, kerberos or any + * other method that does not use the UNIX password) but + * that is a known limitation. + */ +static int +pw_userlock(char *name, long id, int mode) +{ + struct passwd *pwd = NULL; + char *passtmp = NULL; + bool locked = false; + + if (id < 0 && name == NULL) + errx(EX_DATAERR, "username or id required"); + + pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id); + if (pwd == NULL) { + if (name == NULL) + errx(EX_NOUSER, "no such uid `%ld'", id); + errx(EX_NOUSER, "no such user `%s'", name); + } + + if (name == NULL) + name = pwd->pw_name; + + if (strncmp(pwd->pw_passwd, locked_str, sizeof(locked_str) -1) == 0) + locked = true; + if (mode == M_LOCK && locked) + errx(EX_DATAERR, "user '%s' is already locked", pwd->pw_name); + if (mode == M_UNLOCK && !locked) + errx(EX_DATAERR, "user '%s' is not locked", pwd->pw_name); + + if (mode == M_LOCK) { + asprintf(&passtmp, "%s%s", locked_str, pwd->pw_passwd); + if (passtmp == NULL) /* disaster */ + errx(EX_UNAVAILABLE, "out of memory"); + pwd->pw_passwd = passtmp; + } else { + pwd->pw_passwd += sizeof(locked_str)-1; + } + + perform_chgpwent(name, pwd); + free(passtmp); + + return (EXIT_SUCCESS); +} + /*- * -C config configuration file * -q quiet operation @@ -228,7 +300,6 @@ pw_user(int mode, char *name, long id, struct cargs * args) { int rc, edited = 0; char *p = NULL; - char *passtmp; struct carg *arg; struct passwd *pwd = NULL; struct group *grp; @@ -268,6 +339,9 @@ pw_user(int mode, char *name, long id, struct cargs * args) if (mode == M_DELETE) return (pw_userdel(name, id)); + if (mode == M_LOCK || mode == M_UNLOCK) + return (pw_userlock(name, id, mode)); + /* * We can do all of the common legwork here */ @@ -421,7 +495,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) /* * Update require that the user exists */ - if (mode == M_UPDATE || mode == M_LOCK || mode == M_UNLOCK) { + if (mode == M_UPDATE) { if (name == NULL && pwd == NULL) /* Try harder */ pwd = GETPWUID(id); @@ -435,31 +509,6 @@ pw_user(int mode, char *name, long id, struct cargs * args) if (name == NULL) name = pwd->pw_name; - /* - * The M_LOCK and M_UNLOCK functions simply add or remove - * a "*LOCKED*" prefix from in front of the password to - * prevent it decoding correctly, and therefore prevents - * access. Of course, this only prevents access via - * password authentication (not ssh, kerberos or any - * other method that does not use the UNIX password) but - * that is a known limitation. - */ - - if (mode == M_LOCK) { - if (strncmp(pwd->pw_passwd, locked_str, sizeof(locked_str)-1) == 0) - errx(EX_DATAERR, "user '%s' is already locked", pwd->pw_name); - asprintf(&passtmp, "%s%s", locked_str, pwd->pw_passwd); - if (passtmp == NULL) /* disaster */ - errx(EX_UNAVAILABLE, "out of memory"); - pwd->pw_passwd = passtmp; - edited = 1; - } else if (mode == M_UNLOCK) { - if (strncmp(pwd->pw_passwd, locked_str, sizeof(locked_str)-1) != 0) - errx(EX_DATAERR, "user '%s' is not locked", pwd->pw_name); - pwd->pw_passwd += sizeof(locked_str)-1; - edited = 1; - } - /* * The rest is edit code */ @@ -635,23 +684,8 @@ pw_user(int mode, char *name, long id, struct cargs * args) warn("NIS passwd update"); /* NOTE: we treat NIS-only update errors as non-fatal */ } - } else if (mode == M_UPDATE || mode == M_LOCK || mode == M_UNLOCK) { - if (edited) { /* Only updated this if required */ - rc = chgpwent(name, pwd); - if (rc == -1) - errx(EX_IOERR, "user '%s' does not exist (NIS?)", pwd->pw_name); - else if (rc != 0) - err(EX_IOERR, "passwd file update"); - if ( cnf->nispasswd && *cnf->nispasswd=='/') { - rc = chgnispwent(cnf->nispasswd, name, pwd); - if (rc == -1) - warn("User '%s' not found in NIS passwd", pwd->pw_name); - else - warn("NIS passwd update"); - /* NOTE: NIS-only update errors are not fatal */ - } - } - } + } else if (mode == M_UPDATE && edited) /* Only updated this if required */ + perform_chgpwent(name, pwd); /* * Ok, user is created or changed - now edit group file -- cgit v1.2.3 From b1134e75ce7b8f0deb1b1880f35c42f2a09ddb4e Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 11 Jul 2015 20:18:34 +0000 Subject: Remove useless use of goto --- pw/pw_user.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index b9d01a8..7e8534e 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -400,7 +400,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) *p = '\0'; if (stat(dbuf, &st) == -1) { if (mkdir(dbuf, _DEF_DIRMODE) == -1) - goto direrr; + err(EX_OSFILE, "mkdir '%s'", dbuf); chown(dbuf, 0, 0); } else if (!S_ISDIR(st.st_mode)) errx(EX_OSFILE, "'%s' (root home parent) is not a directory", dbuf); @@ -408,9 +408,8 @@ pw_user(int mode, char *name, long id, struct cargs * args) } } if (stat(dbuf, &st) == -1) { - if (mkdir(dbuf, _DEF_DIRMODE) == -1) { - direrr: err(EX_OSFILE, "mkdir '%s'", dbuf); - } + if (mkdir(dbuf, _DEF_DIRMODE) == -1) + err(EX_OSFILE, "mkdir '%s'", dbuf); chown(dbuf, 0, 0); } } else if (!S_ISDIR(st.st_mode)) -- cgit v1.2.3 From 13824e6c6765b7a1d67b0ffaab60aa0612bee252 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 11 Jul 2015 21:09:50 +0000 Subject: check the gecos format early: at the moment the -c option is parsed --- pw/pw_user.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index 7e8534e..9e16793 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -650,10 +650,9 @@ pw_user(int mode, char *name, long id, struct cargs * args) /* * Shared add/edit code */ - if ((arg = getarg(args, 'c')) != NULL) { - char *gecos = pw_checkname(arg->val, 1); - if (strcmp(pwd->pw_gecos, gecos) != 0) { - pwd->pw_gecos = gecos; + if (conf.gecos != NULL) { + if (strcmp(pwd->pw_gecos, conf.gecos) != 0) { + pwd->pw_gecos = conf.gecos; edited = 1; } } -- cgit v1.2.3 From bf1da69192dfd6c10ac6dbae522d0ed40ebecf3a Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 11 Jul 2015 21:12:28 +0000 Subject: Remove unused argument from pm_passwd --- pw/pw_user.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index 9e16793..6aa0c47 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -59,7 +59,7 @@ static time_t pw_pwdpolicy(struct userconf * cnf, struct cargs * args); static time_t pw_exppolicy(struct userconf * cnf, struct cargs * args); static char *pw_homepolicy(struct userconf * cnf, struct cargs * args, char const * user); static char *pw_shellpolicy(struct userconf * cnf, struct cargs * args, char *newshell); -static char *pw_password(struct userconf * cnf, struct cargs * args, char const * user); +static char *pw_password(struct userconf * cnf, char const * user); static char *shell_path(char const * path, char *shells[], char *sh); static void rmat(uid_t uid); static void rmopie(char const * name); @@ -608,7 +608,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) login_setcryptfmt(lc, "sha512", NULL) == NULL) warn("setting crypt(3) format"); login_close(lc); - pwd->pw_passwd = pw_password(cnf, args, pwd->pw_name); + pwd->pw_passwd = pw_password(cnf, pwd->pw_name); edited = 1; } @@ -640,7 +640,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) if (lc == NULL || login_setcryptfmt(lc, "sha512", NULL) == NULL) warn("setting crypt(3) format"); login_close(lc); - pwd->pw_passwd = pw_password(cnf, args, pwd->pw_name); + pwd->pw_passwd = pw_password(cnf, pwd->pw_name); edited = 1; if (pwd->pw_uid == 0 && strcmp(pwd->pw_name, "root") != 0) @@ -1038,7 +1038,7 @@ pw_pwcrypt(char *password) static char * -pw_password(struct userconf * cnf, struct cargs * args, char const * user) +pw_password(struct userconf * cnf, char const * user) { int i, l; char pwbuf[32]; -- cgit v1.2.3 From 37cf831c25d3fbcc63a8548fc4ed7ead82562c5b Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 11 Jul 2015 23:07:17 +0000 Subject: Replace custom string array with stringlist(3) --- pw/pw_user.c | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index 6aa0c47..f1dae74 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -440,18 +440,13 @@ pw_user(int mode, char *name, long id, struct cargs * args) cnf->default_class = pw_checkname(arg->val, 0); if ((arg = getarg(args, 'G')) != NULL && arg->val) { - int i = 0; - for (p = strtok(arg->val, ", \t"); p != NULL; p = strtok(NULL, ", \t")) { if ((grp = GETGRNAM(p)) == NULL) { if (!isdigit((unsigned char)*p) || (grp = GETGRGID((gid_t) atoi(p))) == NULL) errx(EX_NOUSER, "group `%s' does not exist", p); } - if (extendarray(&cnf->groups, &cnf->numgroups, i + 2) != -1) - cnf->groups[i++] = newstr(grp->gr_name); + sl_add(cnf->groups, newstr(grp->gr_name)); } - while (i < cnf->numgroups) - cnf->groups[i++] = NULL; } if ((arg = getarg(args, 'k')) != NULL) { @@ -690,7 +685,8 @@ pw_user(int mode, char *name, long id, struct cargs * args) */ if (mode == M_ADD || getarg(args, 'G') != NULL) { - int i, j; + int j; + size_t i; /* First remove the user from all group */ SETGRENT(); while ((grp = GETGRENT()) != NULL) { @@ -709,8 +705,8 @@ pw_user(int mode, char *name, long id, struct cargs * args) ENDGRENT(); /* now add to group where needed */ - for (i = 0; cnf->groups[i] != NULL; i++) { - grp = GETGRNAM(cnf->groups[i]); + for (i = 0; i < cnf->groups->sl_cur; i++) { + grp = GETGRNAM(cnf->groups->sl_str[i]); grp = gr_add(grp, pwd->pw_name); /* * grp can only be NULL in 2 cases: @@ -720,7 +716,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) */ if (grp == NULL) continue; - chggrent(cnf->groups[i], grp); + chggrent(grp->gr_name, grp); free(grp); } } -- cgit v1.2.3 From 53d815d2b67ba1daf3d088e6049c75e9134228d2 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 11 Jul 2015 23:56:55 +0000 Subject: Fix regression: ensure when try to create the group and the user with the same id if possible and nothing in particular was specified --- pw/pw_user.c | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index f1dae74..315af39 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -875,7 +875,7 @@ pw_gidpolicy(struct cargs * args, char *nam, gid_t prefer) gid = grp->gr_gid; /* Already created? Use it anyway... */ } else { struct cargs grpargs; - char tmp[32]; + gid_t grid = -1; LIST_INIT(&grpargs); @@ -888,23 +888,15 @@ pw_gidpolicy(struct cargs * args, char *nam, gid_t prefer) * user's name dups an existing group, then the group add * function will happily handle that case for us and exit. */ - if (GETGRGID(prefer) == NULL) { - snprintf(tmp, sizeof(tmp), "%u", prefer); - addarg(&grpargs, 'g', tmp); - } + if (GETGRGID(prefer) == NULL) + grid = prefer; if (conf.dryrun) { gid = pw_groupnext(cnf, true); } else { - pw_group(M_ADD, nam, -1, &grpargs); + pw_group(M_ADD, nam, grid, &grpargs); if ((grp = GETGRNAM(nam)) != NULL) gid = grp->gr_gid; } - a_gid = LIST_FIRST(&grpargs); - while (a_gid != NULL) { - struct carg *t = LIST_NEXT(a_gid, list); - LIST_REMOVE(a_gid, list); - a_gid = t; - } } ENDGRENT(); return gid; -- cgit v1.2.3 From 5c8793faf0c3ceee6ca534d0f69b417a3759f7af Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sun, 12 Jul 2015 00:02:43 +0000 Subject: Make getarg return NULL if args is NULL --- pw/pw_user.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index 315af39..16b2ac8 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -874,11 +874,8 @@ pw_gidpolicy(struct cargs * args, char *nam, gid_t prefer) (grp->gr_mem == NULL || grp->gr_mem[0] == NULL)) { gid = grp->gr_gid; /* Already created? Use it anyway... */ } else { - struct cargs grpargs; gid_t grid = -1; - LIST_INIT(&grpargs); - /* * We need to auto-create a group with the user's name. We * can send all the appropriate output to our sister routine @@ -893,7 +890,7 @@ pw_gidpolicy(struct cargs * args, char *nam, gid_t prefer) if (conf.dryrun) { gid = pw_groupnext(cnf, true); } else { - pw_group(M_ADD, nam, grid, &grpargs); + pw_group(M_ADD, nam, grid, NULL); if ((grp = GETGRNAM(nam)) != NULL) gid = grp->gr_gid; } -- cgit v1.2.3 From f6975773c5ebf939f9e3f22b2b600d2c821604bc Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sun, 12 Jul 2015 20:29:51 +0000 Subject: Rework the home directory creation and copy or the skel content to use *at functions This allows to simplify the code a bit for -R by not having to keep modifying path and also prepare the code to improve support -R in userdel While here, add regression tests for the functionality --- pw/pw_user.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index 16b2ac8..afc163f 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -67,20 +67,19 @@ static void rmopie(char const * name); static void create_and_populate_homedir(struct passwd *pwd) { - char *homedir, *dotdir; struct userconf *cnf = conf.userconf; + const char *skeldir; + int skelfd = -1; - homedir = dotdir = NULL; + skeldir = cnf->dotdir; - if (conf.rootdir[0] != '\0') { - asprintf(&homedir, "%s/%s", conf.rootdir, pwd->pw_dir); - if (homedir == NULL) - errx(EX_OSERR, "out of memory"); - asprintf(&dotdir, "%s/%s", conf.rootdir, cnf->dotdir); + if (skeldir != NULL && *skeldir != '\0') { + skelfd = openat(conf.rootfd, cnf->dotdir, + O_DIRECTORY|O_CLOEXEC); } - copymkdir(homedir ? homedir : pwd->pw_dir, dotdir ? dotdir: cnf->dotdir, - cnf->homemode, pwd->pw_uid, pwd->pw_gid); + copymkdir(conf.rootfd, pwd->pw_dir, skelfd, cnf->homemode, pwd->pw_uid, + pwd->pw_gid, 0); pw_log(cnf, M_ADD, W_USER, "%s(%u) home %s made", pwd->pw_name, pwd->pw_uid, pwd->pw_dir); } -- cgit v1.2.3 From d6d7189c26aa1c3f1bb8ac622e5daf43b8485c30 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sun, 12 Jul 2015 21:43:57 +0000 Subject: pw -R userdel can now cleanup installation Rewrite rm_r to use *at function, allowing to remove home directories along with users. only crontabs and at(1) installation are not removed Relnotes: yes --- pw/pw_user.c | 106 ++++++++++++++++++++++++++++------------------------------- 1 file changed, 50 insertions(+), 56 deletions(-) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index afc163f..fd2c80a 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -746,12 +746,12 @@ pw_user(int mode, char *name, long id, struct cargs * args) */ if (mode == M_ADD) { if (PWALTDIR() != PWF_ALT) { - arg = getarg(args, 'R'); - snprintf(path, sizeof(path), "%s%s/%s", - arg ? arg->val : "", _PATH_MAILDIR, pwd->pw_name); - close(open(path, O_RDWR | O_CREAT, 0600)); /* Preserve contents & - * mtime */ - chown(path, pwd->pw_uid, pwd->pw_gid); + snprintf(path, sizeof(path), "%s/%s", _PATH_MAILDIR, + pwd->pw_name); + close(openat(conf.rootfd, path +1, O_RDWR | O_CREAT, + 0600)); /* Preserve contents & mtime */ + fchownat(conf.rootfd, path + 1, pwd->pw_uid, + pwd->pw_gid, AT_SYMLINK_NOFOLLOW); } } @@ -1087,16 +1087,13 @@ pw_userdel(char *name, long id) if (strcmp(pwd->pw_name, "root") == 0) errx(EX_DATAERR, "cannot remove user 'root'"); - if (!PWALTDIR()) { - /* - * Remove opie record from /etc/opiekeys - */ + /* Remove opie record from /etc/opiekeys */ + if (PWALTDIR() != PWF_ALT) rmopie(pwd->pw_name); - /* - * Remove crontabs - */ + if (!PWALTDIR()) { + /* Remove crontabs */ snprintf(file, sizeof(file), "/var/cron/tabs/%s", pwd->pw_name); if (access(file, F_OK) == 0) { snprintf(file, sizeof(file), "crontab -u %s -r", pwd->pw_name); @@ -1158,28 +1155,23 @@ pw_userdel(char *name, long id) pw_log(conf.userconf, M_DELETE, W_USER, "%s(%u) account removed", name, uid); - if (!PWALTDIR()) { - /* - * Remove mail file - */ - remove(file); - - /* - * Remove at jobs - */ - if (getpwuid(uid) == NULL) - rmat(uid); - - /* - * Remove home directory and contents - */ - if (conf.deletehome && *home == '/' && getpwuid(uid) == NULL && - stat(home, &st) != -1) { - rm_r(home, uid); - pw_log(conf.userconf, M_DELETE, W_USER, "%s(%u) home '%s' %sremoved", - name, uid, home, - stat(home, &st) == -1 ? "" : "not completely "); - } + /* Remove mail file */ + if (PWALTDIR() != PWF_ALT) + unlinkat(conf.rootfd, file + 1, 0); + + /* Remove at jobs */ + if (!PWALTDIR() && getpwuid(uid) == NULL) + rmat(uid); + + /* Remove home directory and contents */ + if (PWALTDIR() != PWF_ALT && conf.deletehome && *home == '/' && + getpwuid(uid) == NULL && + fstatat(conf.rootfd, home + 1, &st, 0) != -1) { + rm_r(conf.rootfd, home, uid); + pw_log(conf.userconf, M_DELETE, W_USER, "%s(%u) home '%s' %s" + "removed", name, uid, home, + fstatat(conf.rootfd, home + 1, &st, 0) == -1 ? "" : "not " + "completely "); } return (EXIT_SUCCESS); @@ -1353,27 +1345,29 @@ rmat(uid_t uid) static void rmopie(char const * name) { - static const char etcopie[] = "/etc/opiekeys"; - FILE *fp = fopen(etcopie, "r+"); - - if (fp != NULL) { - char tmp[1024]; - off_t atofs = 0; - int length = strlen(name); - - while (fgets(tmp, sizeof tmp, fp) != NULL) { - if (strncmp(name, tmp, length) == 0 && tmp[length]==' ') { - if (fseek(fp, atofs, SEEK_SET) == 0) { - fwrite("#", 1, 1, fp); /* Comment username out */ - } - break; - } - atofs = ftell(fp); + char tmp[1014]; + FILE *fp; + int fd; + size_t len; + off_t atofs = 0; + + if ((fd = openat(conf.rootfd, "etc/opiekeys", O_RDWR)) == -1) + return; + + fp = fdopen(fd, "r+"); + len = strlen(name); + + while (fgets(tmp, sizeof(tmp), fp) != NULL) { + if (strncmp(name, tmp, len) == 0 && tmp[len]==' ') { + /* Comment username out */ + if (fseek(fp, atofs, SEEK_SET) == 0) + fwrite("#", 1, 1, fp); + break; } - /* - * If we got an error of any sort, don't update! - */ - fclose(fp); + atofs = ftell(fp); } + /* + * If we got an error of any sort, don't update! + */ + fclose(fp); } - -- cgit v1.2.3 From 2d773bd7573e856c732b3fc1b827b288ea3beebf Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sun, 12 Jul 2015 22:08:58 +0000 Subject: Ensure skeldir is abolute path (relatively to the rootdir) --- pw/pw_user.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index fd2c80a..8ba2807 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -74,8 +74,9 @@ create_and_populate_homedir(struct passwd *pwd) skeldir = cnf->dotdir; if (skeldir != NULL && *skeldir != '\0') { - skelfd = openat(conf.rootfd, cnf->dotdir, - O_DIRECTORY|O_CLOEXEC); + if (*skeldir == '/') + skeldir++; + skelfd = openat(conf.rootfd, skeldir, O_DIRECTORY|O_CLOEXEC); } copymkdir(conf.rootfd, pwd->pw_dir, skelfd, cnf->homemode, pwd->pw_uid, @@ -449,8 +450,13 @@ pw_user(int mode, char *name, long id, struct cargs * args) } if ((arg = getarg(args, 'k')) != NULL) { - if (stat(cnf->dotdir = arg->val, &st) == -1 || !S_ISDIR(st.st_mode)) - errx(EX_OSFILE, "skeleton `%s' is not a directory or does not exist", cnf->dotdir); + char *tmp = cnf->dotdir = arg->val; + if (*tmp == '/') + tmp++; + if ((fstatat(conf.rootfd, tmp, &st, 0) == -1) || + !S_ISDIR(st.st_mode)) + errx(EX_OSFILE, "skeleton `%s' is not a directory or " + "does not exist", cnf->dotdir); } if ((arg = getarg(args, 's')) != NULL) -- cgit v1.2.3 From 0318aba2a76b3131e3b36d0171ae00f776765bd9 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Mon, 13 Jul 2015 09:08:27 +0000 Subject: Regression fix: allow to create users with uid0 Reported by: Jan Mikkelsen --- pw/pw_user.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index 8ba2807..d6dad3f 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -804,7 +804,7 @@ pw_uidpolicy(struct userconf * cnf, long id) /* * Check the given uid, if any */ - if (id > 0) { + if (id >= 0) { uid = (uid_t) id; if ((pwd = GETPWUID(uid)) != NULL && conf.checkduplicate) -- cgit v1.2.3 From 43b633f69fb3ebcb515312aae6a8df74e26097d9 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Tue, 28 Jul 2015 20:52:10 +0000 Subject: Fix wrong warning printed after changing or updating NIS users PR: 37672 Submitted by: chris+freebsd@chrullrich.de --- pw/pw_user.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index d6dad3f..aecc90a 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -206,7 +206,7 @@ perform_chgpwent(const char *name, struct passwd *pwd) rc = chgnispwent(conf.userconf->nispasswd, name, pwd); if (rc == -1) warn("User '%s' not found in NIS passwd", pwd->pw_name); - else + else if (rc != 0) warn("NIS passwd update"); /* NOTE: NIS-only update errors are not fatal */ } @@ -678,7 +678,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) rc = addnispwent(cnf->nispasswd, pwd); if (rc == -1) warnx("User '%s' already exists in NIS passwd", pwd->pw_name); - else + else if (rc != 0) warn("NIS passwd update"); /* NOTE: we treat NIS-only update errors as non-fatal */ } -- cgit v1.2.3 From 8b5f16fbd8d18aa47074a93c215947b3401257e7 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Tue, 28 Jul 2015 21:49:38 +0000 Subject: Reject usermod and userdel if the user concerned is not on the user database supposed to be manipulated This prevent pw usermod creating a new local user when requesting to usermod on a username is defined in LDAP. This issue only happens when modifying the local user database (not inpacting commands when -V or -R are used). PR: 187653 Submitted by: tmwalaszek@gmail.com --- pw/pw_user.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index aecc90a..cd9c23c 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -310,6 +310,7 @@ pw_user(int mode, char *name, long id, struct cargs * args) FILE *fp; char *dmode_c; void *set = NULL; + int valid_type = _PWF_FILES; static struct passwd fakeuser = { @@ -505,6 +506,14 @@ pw_user(int mode, char *name, long id, struct cargs * args) errx(EX_NOUSER, "no such user `%s'", name); } + if (conf.userconf->nispasswd && *conf.userconf->nispasswd == '/') + valid_type = _PWF_NIS; + + if (PWF._altdir == PWF_REGULAR && + ((pwd->pw_fields & _PWF_SOURCE) != valid_type)) + errx(EX_NOUSER, "no such %s user `%s'", + valid_type == _PWF_FILES ? "local" : "NIS" , name); + if (name == NULL) name = pwd->pw_name; @@ -1076,6 +1085,7 @@ pw_userdel(char *name, long id) char grname[LOGNAMESIZE]; int rc; struct stat st; + int valid_type = _PWF_FILES; if (id < 0 && name == NULL) errx(EX_DATAERR, "username or id required"); @@ -1086,6 +1096,15 @@ pw_userdel(char *name, long id) errx(EX_NOUSER, "no such uid `%ld'", id); errx(EX_NOUSER, "no such user `%s'", name); } + + if (conf.userconf->nispasswd && *conf.userconf->nispasswd == '/') + valid_type = _PWF_NIS; + + if (PWF._altdir == PWF_REGULAR && + ((pwd->pw_fields & _PWF_SOURCE) != valid_type)) + errx(EX_NOUSER, "no such %s user `%s'", + valid_type == _PWF_FILES ? "local" : "NIS" , name); + uid = pwd->pw_uid; if (name == NULL) name = pwd->pw_name; -- cgit v1.2.3 From 2d1b974f3a71544c2aa9e4e648a3acad80ed7aaa Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 1 Aug 2015 09:55:47 +0000 Subject: Cast uid/git to uintmax_t when using printf-like functions so the size of uid/gid size remains a implementation detail --- pw/pw_user.c | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index cd9c23c..eca8235 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -33,6 +33,7 @@ static const char rcsid[] = #include #include #include +#include #include #include #include @@ -81,8 +82,8 @@ create_and_populate_homedir(struct passwd *pwd) copymkdir(conf.rootfd, pwd->pw_dir, skelfd, cnf->homemode, pwd->pw_uid, pwd->pw_gid, 0); - pw_log(cnf, M_ADD, W_USER, "%s(%u) home %s made", pwd->pw_name, - pwd->pw_uid, pwd->pw_dir); + pw_log(cnf, M_ADD, W_USER, "%s(%ju) home %s made", pwd->pw_name, + (uintmax_t)pwd->pw_uid, pwd->pw_dir); } static int @@ -155,7 +156,7 @@ pw_usernext(struct userconf *cnf, bool quiet) if (quiet) return (next); - printf("%u:", next); + printf("%ju:", (uintmax_t)next); pw_groupnext(cnf, quiet); return (EXIT_SUCCESS); @@ -749,9 +750,9 @@ pw_user(int mode, char *name, long id, struct cargs * args) errx(EX_NOUSER, "user '%s' disappeared during update", name); grp = GETGRGID(pwd->pw_gid); - pw_log(cnf, mode, W_USER, "%s(%u):%s(%u):%s:%s:%s", - pwd->pw_name, pwd->pw_uid, - grp ? grp->gr_name : "unknown", (grp ? grp->gr_gid : (uid_t)-1), + pw_log(cnf, mode, W_USER, "%s(%ju):%s(%ju):%s:%s:%s", + pwd->pw_name, (uintmax_t)pwd->pw_uid, + grp ? grp->gr_name : "unknown", (uintmax_t)(grp ? grp->gr_gid : (uid_t)-1), pwd->pw_gecos, pwd->pw_dir, pwd->pw_shell); /* @@ -794,8 +795,8 @@ pw_user(int mode, char *name, long id, struct cargs * args) fputs(line, pfp); } pclose(pfp); - pw_log(cnf, mode, W_USER, "%s(%u) new user mail sent", - pwd->pw_name, pwd->pw_uid); + pw_log(cnf, mode, W_USER, "%s(%ju) new user mail sent", + pwd->pw_name, (uintmax_t)pwd->pw_uid); } fclose(fp); } @@ -817,7 +818,8 @@ pw_uidpolicy(struct userconf * cnf, long id) uid = (uid_t) id; if ((pwd = GETPWUID(uid)) != NULL && conf.checkduplicate) - errx(EX_DATAERR, "uid `%u' has already been allocated", pwd->pw_uid); + errx(EX_DATAERR, "uid `%ju' has already been allocated", + (uintmax_t)pwd->pw_uid); } else { struct bitmap bm; @@ -1177,8 +1179,8 @@ pw_userdel(char *name, long id) } ENDGRENT(); - pw_log(conf.userconf, M_DELETE, W_USER, "%s(%u) account removed", name, - uid); + pw_log(conf.userconf, M_DELETE, W_USER, "%s(%ju) account removed", name, + (uintmax_t)uid); /* Remove mail file */ if (PWALTDIR() != PWF_ALT) @@ -1193,8 +1195,8 @@ pw_userdel(char *name, long id) getpwuid(uid) == NULL && fstatat(conf.rootfd, home + 1, &st, 0) != -1) { rm_r(conf.rootfd, home, uid); - pw_log(conf.userconf, M_DELETE, W_USER, "%s(%u) home '%s' %s" - "removed", name, uid, home, + pw_log(conf.userconf, M_DELETE, W_USER, "%s(%ju) home '%s' %s" + "removed", name, (uintmax_t)uid, home, fstatat(conf.rootfd, home + 1, &st, 0) == -1 ? "" : "not " "completely "); } @@ -1248,14 +1250,14 @@ print_user(struct passwd * pwd) strftime(acexpire, sizeof acexpire, "%c", tptr); if (pwd->pw_change > (time_t)0 && (tptr = localtime(&pwd->pw_change)) != NULL) strftime(pwexpire, sizeof pwexpire, "%c", tptr); - printf("Login Name: %-15s #%-12u Group: %-15s #%u\n" + printf("Login Name: %-15s #%-12ju Group: %-15s #%ju\n" " Full Name: %s\n" " Home: %-26.26s Class: %s\n" " Shell: %-26.26s Office: %s\n" "Work Phone: %-26.26s Home Phone: %s\n" "Acc Expire: %-26.26s Pwd Expire: %s\n", - pwd->pw_name, pwd->pw_uid, - grp ? grp->gr_name : "(invalid)", pwd->pw_gid, + pwd->pw_name, (uintmax_t)pwd->pw_uid, + grp ? grp->gr_name : "(invalid)", (uintmax_t)pwd->pw_gid, uname, pwd->pw_dir, pwd->pw_class, pwd->pw_shell, office, wphone, hphone, acexpire, pwexpire); -- cgit v1.2.3 From a25394718fcec2b1422b872e24e54ad5c7ae69af Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 1 Aug 2015 10:25:55 +0000 Subject: Validate expiration days and password days from commmand line and pw.conf --- pw/pw_user.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index eca8235..6e07f1f 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -418,14 +418,14 @@ pw_user(int mode, char *name, long id, struct cargs * args) errx(EX_OSFILE, "root home `%s' is not a directory", cnf->home); } - if ((arg = getarg(args, 'e')) != NULL) - cnf->expire_days = atoi(arg->val); + if (conf.expire_days > 0) + cnf->expire_days = conf.expire_days; if ((arg = getarg(args, 'y')) != NULL) cnf->nispasswd = arg->val; - if ((arg = getarg(args, 'p')) != NULL && arg->val) - cnf->password_days = atoi(arg->val); + if (conf.password_days > 0) + cnf->password_days = conf.password_days; if ((arg = getarg(args, 'g')) != NULL) { if (!*(p = arg->val)) /* Handle empty group list specially */ -- cgit v1.2.3 From 5bb254a38fa9e233bcdb24956e1f8ccf2b19182b Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 1 Aug 2015 12:18:48 +0000 Subject: Partial revert of r286152 More work needed on the cli validation --- pw/pw_user.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index 6e07f1f..eca8235 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -418,14 +418,14 @@ pw_user(int mode, char *name, long id, struct cargs * args) errx(EX_OSFILE, "root home `%s' is not a directory", cnf->home); } - if (conf.expire_days > 0) - cnf->expire_days = conf.expire_days; + if ((arg = getarg(args, 'e')) != NULL) + cnf->expire_days = atoi(arg->val); if ((arg = getarg(args, 'y')) != NULL) cnf->nispasswd = arg->val; - if (conf.password_days > 0) - cnf->password_days = conf.password_days; + if ((arg = getarg(args, 'p')) != NULL && arg->val) + cnf->password_days = atoi(arg->val); if ((arg = getarg(args, 'g')) != NULL) { if (!*(p = arg->val)) /* Handle empty group list specially */ -- cgit v1.2.3 From e773096e9049d4fb494d9ea86a862cd89d62bdfc Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sun, 2 Aug 2015 12:47:50 +0000 Subject: Rewrite parsing subcommands arguments of pw(8) Now each subcommands checks its arguments in a dedicated functions. This helps improving input validation, code readability/maintainability While here: - Add a -y option to pw userdel/usermod so it can maintain NIS servers if nispasswd is not defined in pw.conf(5) - Allow pw -r to remove directory with userdel -r - Fix bug when renaming a user which was not renaming the user name it groups it is a member of. - Only parse pw.conf(5) when needed. --- pw/pw_user.c | 2431 +++++++++++++++++++++++++++++++++------------------------- 1 file changed, 1378 insertions(+), 1053 deletions(-) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index eca8235..8ff4159 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -52,42 +52,53 @@ static const char rcsid[] = static char locked_str[] = "*LOCKED*"; -static int pw_userdel(char *name, long id); -static int print_user(struct passwd * pwd); -static uid_t pw_uidpolicy(struct userconf * cnf, long id); -static uid_t pw_gidpolicy(struct cargs * args, char *nam, gid_t prefer); -static time_t pw_pwdpolicy(struct userconf * cnf, struct cargs * args); -static time_t pw_exppolicy(struct userconf * cnf, struct cargs * args); -static char *pw_homepolicy(struct userconf * cnf, struct cargs * args, char const * user); -static char *pw_shellpolicy(struct userconf * cnf, struct cargs * args, char *newshell); -static char *pw_password(struct userconf * cnf, char const * user); -static char *shell_path(char const * path, char *shells[], char *sh); -static void rmat(uid_t uid); -static void rmopie(char const * name); +static struct passwd fakeuser = { + "nouser", + "*", + -1, + -1, + 0, + "", + "User &", + "/nonexistent", + "/bin/sh", + 0, + 0 +}; + +static int print_user(struct passwd *pwd, bool pretty, bool v7); +static uid_t pw_uidpolicy(struct userconf *cnf, intmax_t id); +static uid_t pw_gidpolicy(struct userconf *cnf, char *grname, char *nam, + gid_t prefer, bool dryrun); +static char *pw_homepolicy(struct userconf * cnf, char *homedir, + const char *user); +static char *pw_shellpolicy(struct userconf * cnf); +static char *pw_password(struct userconf * cnf, char const * user, + bool dryrun); +static char *shell_path(char const * path, char *shells[], char *sh); +static void rmat(uid_t uid); +static void rmopie(char const * name); static void -create_and_populate_homedir(struct passwd *pwd) +create_and_populate_homedir(struct userconf *cnf, struct passwd *pwd, + const char *skeldir, mode_t homemode, bool update) { - struct userconf *cnf = conf.userconf; - const char *skeldir; int skelfd = -1; - skeldir = cnf->dotdir; - if (skeldir != NULL && *skeldir != '\0') { if (*skeldir == '/') skeldir++; skelfd = openat(conf.rootfd, skeldir, O_DIRECTORY|O_CLOEXEC); } - copymkdir(conf.rootfd, pwd->pw_dir, skelfd, cnf->homemode, pwd->pw_uid, + copymkdir(conf.rootfd, pwd->pw_dir, skelfd, homemode, pwd->pw_uid, pwd->pw_gid, 0); - pw_log(cnf, M_ADD, W_USER, "%s(%ju) home %s made", pwd->pw_name, - (uintmax_t)pwd->pw_uid, pwd->pw_dir); + pw_log(cnf, update ? M_UPDATE : M_ADD, W_USER, "%s(%ju) home %s made", + pwd->pw_name, (uintmax_t)pwd->pw_uid, pwd->pw_dir); } static int -set_passwd(struct passwd *pwd, bool update) +pw_set_passwd(struct passwd *pwd, int fd, bool precrypted, bool update) { int b, istty; struct termios t, n; @@ -95,7 +106,7 @@ set_passwd(struct passwd *pwd, bool update) char line[_PASSWORD_LEN+1]; char *p; - if (conf.fd == '-') { + if (fd == '-') { if (!pwd->pw_passwd || *pwd->pw_passwd != '*') { pwd->pw_passwd = "*"; /* No access */ return (1); @@ -103,40 +114,40 @@ set_passwd(struct passwd *pwd, bool update) return (0); } - if ((istty = isatty(conf.fd))) { - if (tcgetattr(conf.fd, &t) == -1) + if ((istty = isatty(fd))) { + if (tcgetattr(fd, &t) == -1) istty = 0; else { n = t; n.c_lflag &= ~(ECHO); - tcsetattr(conf.fd, TCSANOW, &n); + tcsetattr(fd, TCSANOW, &n); printf("%s%spassword for user %s:", update ? "new " : "", - conf.precrypted ? "encrypted " : "", + precrypted ? "encrypted " : "", pwd->pw_name); fflush(stdout); } } - b = read(conf.fd, line, sizeof(line) - 1); + b = read(fd, line, sizeof(line) - 1); if (istty) { /* Restore state */ - tcsetattr(conf.fd, TCSANOW, &t); + tcsetattr(fd, TCSANOW, &t); fputc('\n', stdout); fflush(stdout); } if (b < 0) err(EX_IOERR, "-%c file descriptor", - conf.precrypted ? 'H' : 'h'); + precrypted ? 'H' : 'h'); line[b] = '\0'; if ((p = strpbrk(line, "\r\n")) != NULL) *p = '\0'; if (!*line) errx(EX_DATAERR, "empty password read on file descriptor %d", - conf.fd); - if (conf.precrypted) { + fd); + if (precrypted) { if (strchr(line, ':') != NULL) errx(EX_DATAERR, "bad encrypted password"); - pwd->pw_passwd = line; + pwd->pw_passwd = strdup(line); } else { lc = login_getpwclass(pwd); if (lc == NULL || @@ -148,54 +159,15 @@ set_passwd(struct passwd *pwd, bool update) return (1); } -int -pw_usernext(struct userconf *cnf, bool quiet) -{ - uid_t next = pw_uidpolicy(cnf, -1); - - if (quiet) - return (next); - - printf("%ju:", (uintmax_t)next); - pw_groupnext(cnf, quiet); - - return (EXIT_SUCCESS); -} - -static int -pw_usershow(char *name, long id, struct passwd *fakeuser) -{ - struct passwd *pwd = NULL; - - if (id < 0 && name == NULL && !conf.all) - errx(EX_DATAERR, "username or id or '-a' required"); - - if (conf.all) { - SETPWENT(); - while ((pwd = GETPWENT()) != NULL) - print_user(pwd); - ENDPWENT(); - return (EXIT_SUCCESS); - } - - pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id); - if (pwd == NULL) { - if (conf.force) { - pwd = fakeuser; - } else { - if (name == NULL) - errx(EX_NOUSER, "no such uid `%ld'", id); - errx(EX_NOUSER, "no such user `%s'", name); - } - } - - return (print_user(pwd)); -} - static void -perform_chgpwent(const char *name, struct passwd *pwd) +perform_chgpwent(const char *name, struct passwd *pwd, char *nispasswd) { int rc; + struct passwd *nispwd; + + /* duplicate for nis so that chgpwent is not modifying before NIS */ + if (nispasswd && *nispasswd == '/') + nispwd = pw_dup(pwd); rc = chgpwent(name, pwd); if (rc == -1) @@ -203,8 +175,8 @@ perform_chgpwent(const char *name, struct passwd *pwd) else if (rc != 0) err(EX_IOERR, "passwd file update"); - if (conf.userconf->nispasswd && *conf.userconf->nispasswd == '/') { - rc = chgnispwent(conf.userconf->nispasswd, name, pwd); + if (nispasswd && *nispasswd == '/') { + rc = chgnispwent(nispasswd, name, nispwd); if (rc == -1) warn("User '%s' not found in NIS passwd", pwd->pw_name); else if (rc != 0) @@ -223,19 +195,29 @@ perform_chgpwent(const char *name, struct passwd *pwd) * that is a known limitation. */ static int -pw_userlock(char *name, long id, int mode) +pw_userlock(char *arg1, int mode) { struct passwd *pwd = NULL; char *passtmp = NULL; + char *name; bool locked = false; + uid_t id; - if (id < 0 && name == NULL) + if (geteuid() != 0) + errx(EX_NOPERM, "you must be root"); + + if (arg1 == NULL) errx(EX_DATAERR, "username or id required"); + if (strspn(arg1, "0123456789") == strlen(arg1)) + id = pw_checkid(arg1, UID_MAX); + else + name = arg1; + pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id); if (pwd == NULL) { if (name == NULL) - errx(EX_NOUSER, "no such uid `%ld'", id); + errx(EX_NOUSER, "no such uid `%ju'", (uintmax_t) id); errx(EX_NOUSER, "no such user `%s'", name); } @@ -258,470 +240,1088 @@ pw_userlock(char *name, long id, int mode) pwd->pw_passwd += sizeof(locked_str)-1; } - perform_chgpwent(name, pwd); + perform_chgpwent(name, pwd, NULL); free(passtmp); return (EXIT_SUCCESS); } -/*- - * -C config configuration file - * -q quiet operation - * -n name login name - * -u uid user id - * -c comment user name/comment - * -d directory home directory - * -e date account expiry date - * -p date password expiry date - * -g grp primary group - * -G grp1,grp2 additional groups - * -m [ -k dir ] create and set up home - * -s shell name of login shell - * -o duplicate uid ok - * -L class user class - * -l name new login name - * -h fd password filehandle - * -H fd encrypted password filehandle - * -F force print or add - * Setting defaults: - * -D set user defaults - * -b dir default home root dir - * -e period default expiry period - * -p period default password change period - * -g group default group - * -G grp1,grp2.. default additional groups - * -L class default login class - * -k dir default home skeleton - * -s shell default shell - * -w method default password method - */ - -int -pw_user(int mode, char *name, long id, struct cargs * args) +static uid_t +pw_uidpolicy(struct userconf * cnf, intmax_t id) { - int rc, edited = 0; - char *p = NULL; - struct carg *arg; - struct passwd *pwd = NULL; - struct group *grp; - struct stat st; - struct userconf *cnf; - char line[_PASSWORD_LEN+1]; - char path[MAXPATHLEN]; - FILE *fp; - char *dmode_c; - void *set = NULL; - int valid_type = _PWF_FILES; - - static struct passwd fakeuser = - { - "nouser", - "*", - -1, - -1, - 0, - "", - "User &", - "/nonexistent", - "/bin/sh", - 0 -#if defined(__FreeBSD__) - ,0 -#endif - }; - - cnf = conf.userconf; - - if (mode == M_NEXT) - return (pw_usernext(cnf, conf.quiet)); - - if (mode == M_PRINT) - return (pw_usershow(name, id, &fakeuser)); - - if (mode == M_DELETE) - return (pw_userdel(name, id)); - - if (mode == M_LOCK || mode == M_UNLOCK) - return (pw_userlock(name, id, mode)); + struct passwd *pwd; + struct bitmap bm; + uid_t uid = (uid_t) - 1; /* - * We can do all of the common legwork here + * Check the given uid, if any */ + if (id >= 0) { + uid = (uid_t) id; - if ((arg = getarg(args, 'b')) != NULL) { - cnf->home = arg->val; + if ((pwd = GETPWUID(uid)) != NULL && conf.checkduplicate) + errx(EX_DATAERR, "uid `%ju' has already been allocated", + (uintmax_t)pwd->pw_uid); + return (uid); } - - if ((arg = getarg(args, 'M')) != NULL) { - dmode_c = arg->val; - if ((set = setmode(dmode_c)) == NULL) - errx(EX_DATAERR, "invalid directory creation mode '%s'", - dmode_c); - cnf->homemode = getmode(set, _DEF_DIRMODE); - free(set); + /* + * We need to allocate the next available uid under one of + * two policies a) Grab the first unused uid b) Grab the + * highest possible unused uid + */ + if (cnf->min_uid >= cnf->max_uid) { /* Sanity + * claus^H^H^H^Hheck */ + cnf->min_uid = 1000; + cnf->max_uid = 32000; } + bm = bm_alloc(cnf->max_uid - cnf->min_uid + 1); /* - * If we'll need to use it or we're updating it, - * then create the base home directory if necessary + * Now, let's fill the bitmap from the password file */ - if (arg != NULL || getarg(args, 'm') != NULL) { - int l = strlen(cnf->home); + SETPWENT(); + while ((pwd = GETPWENT()) != NULL) + if (pwd->pw_uid >= (uid_t) cnf->min_uid && pwd->pw_uid <= (uid_t) cnf->max_uid) + bm_setbit(&bm, pwd->pw_uid - cnf->min_uid); + ENDPWENT(); - if (l > 1 && cnf->home[l-1] == '/') /* Shave off any trailing path delimiter */ - cnf->home[--l] = '\0'; + /* + * Then apply the policy, with fallback to reuse if necessary + */ + if (cnf->reuse_uids || (uid = (uid_t) (bm_lastset(&bm) + cnf->min_uid + 1)) > cnf->max_uid) + uid = (uid_t) (bm_firstunset(&bm) + cnf->min_uid); - if (l < 2 || *cnf->home != '/') /* Check for absolute path name */ - errx(EX_DATAERR, "invalid base directory for home '%s'", cnf->home); + /* + * Another sanity check + */ + if (uid < cnf->min_uid || uid > cnf->max_uid) + errx(EX_SOFTWARE, "unable to allocate a new uid - range fully used"); + bm_dealloc(&bm); + return (uid); +} - if (stat(cnf->home, &st) == -1) { - char dbuf[MAXPATHLEN]; +static uid_t +pw_gidpolicy(struct userconf *cnf, char *grname, char *nam, gid_t prefer, bool dryrun) +{ + struct group *grp; + gid_t gid = (uid_t) - 1; - /* - * This is a kludge especially for Joerg :) - * If the home directory would be created in the root partition, then - * we really create it under /usr which is likely to have more space. - * But we create a symlink from cnf->home -> "/usr" -> cnf->home - */ - if (strchr(cnf->home+1, '/') == NULL) { - snprintf(dbuf, MAXPATHLEN, "/usr%s", cnf->home); - if (mkdir(dbuf, _DEF_DIRMODE) != -1 || errno == EEXIST) { - chown(dbuf, 0, 0); - /* - * Skip first "/" and create symlink: - * /home -> usr/home - */ - symlink(dbuf+1, cnf->home); - } - /* If this falls, fall back to old method */ - } - strlcpy(dbuf, cnf->home, sizeof(dbuf)); - p = dbuf; - if (stat(dbuf, &st) == -1) { - while ((p = strchr(p + 1, '/')) != NULL) { - *p = '\0'; - if (stat(dbuf, &st) == -1) { - if (mkdir(dbuf, _DEF_DIRMODE) == -1) - err(EX_OSFILE, "mkdir '%s'", dbuf); - chown(dbuf, 0, 0); - } else if (!S_ISDIR(st.st_mode)) - errx(EX_OSFILE, "'%s' (root home parent) is not a directory", dbuf); - *p = '/'; - } - } - if (stat(dbuf, &st) == -1) { - if (mkdir(dbuf, _DEF_DIRMODE) == -1) - err(EX_OSFILE, "mkdir '%s'", dbuf); - chown(dbuf, 0, 0); - } - } else if (!S_ISDIR(st.st_mode)) - errx(EX_OSFILE, "root home `%s' is not a directory", cnf->home); + /* + * Check the given gid, if any + */ + SETGRENT(); + if (grname) { + if ((grp = GETGRNAM(grname)) == NULL) { + gid = pw_checkid(grname, GID_MAX); + grp = GETGRGID(gid); + } + gid = grp->gr_gid; + } else if ((grp = GETGRNAM(nam)) != NULL && + (grp->gr_mem == NULL || grp->gr_mem[0] == NULL)) { + gid = grp->gr_gid; /* Already created? Use it anyway... */ + } else { + intmax_t grid = -1; + + /* + * We need to auto-create a group with the user's name. We + * can send all the appropriate output to our sister routine + * bit first see if we can create a group with gid==uid so we + * can keep the user and group ids in sync. We purposely do + * NOT check the gid range if we can force the sync. If the + * user's name dups an existing group, then the group add + * function will happily handle that case for us and exit. + */ + if (GETGRGID(prefer) == NULL) + grid = prefer; + if (dryrun) { + gid = pw_groupnext(cnf, true); + } else { + if (grid == -1) + grid = pw_groupnext(cnf, true); + groupadd(cnf, nam, grid, NULL, -1, false, false, false); + if ((grp = GETGRNAM(nam)) != NULL) + gid = grp->gr_gid; + } } + ENDGRENT(); + return (gid); +} - if ((arg = getarg(args, 'e')) != NULL) - cnf->expire_days = atoi(arg->val); +static char * +pw_homepolicy(struct userconf * cnf, char *homedir, const char *user) +{ + static char home[128]; - if ((arg = getarg(args, 'y')) != NULL) - cnf->nispasswd = arg->val; + if (homedir) + return (homedir); - if ((arg = getarg(args, 'p')) != NULL && arg->val) - cnf->password_days = atoi(arg->val); + if (cnf->home == NULL || *cnf->home == '\0') + errx(EX_CONFIG, "no base home directory set"); + snprintf(home, sizeof(home), "%s/%s", cnf->home, user); - if ((arg = getarg(args, 'g')) != NULL) { - if (!*(p = arg->val)) /* Handle empty group list specially */ - cnf->default_group = ""; - else { - if ((grp = GETGRNAM(p)) == NULL) { - if (!isdigit((unsigned char)*p) || (grp = GETGRGID((gid_t) atoi(p))) == NULL) - errx(EX_NOUSER, "group `%s' does not exist", p); - } - cnf->default_group = newstr(grp->gr_name); - } - } - if ((arg = getarg(args, 'L')) != NULL) - cnf->default_class = pw_checkname(arg->val, 0); + return (home); +} - if ((arg = getarg(args, 'G')) != NULL && arg->val) { - for (p = strtok(arg->val, ", \t"); p != NULL; p = strtok(NULL, ", \t")) { - if ((grp = GETGRNAM(p)) == NULL) { - if (!isdigit((unsigned char)*p) || (grp = GETGRGID((gid_t) atoi(p))) == NULL) - errx(EX_NOUSER, "group `%s' does not exist", p); - } - sl_add(cnf->groups, newstr(grp->gr_name)); - } - } +static char * +shell_path(char const * path, char *shells[], char *sh) +{ + if (sh != NULL && (*sh == '/' || *sh == '\0')) + return sh; /* specified full path or forced none */ + else { + char *p; + char paths[_UC_MAXLINE]; + + /* + * We need to search paths + */ + strlcpy(paths, path, sizeof(paths)); + for (p = strtok(paths, ": \t\r\n"); p != NULL; p = strtok(NULL, ": \t\r\n")) { + int i; + static char shellpath[256]; - if ((arg = getarg(args, 'k')) != NULL) { - char *tmp = cnf->dotdir = arg->val; - if (*tmp == '/') - tmp++; - if ((fstatat(conf.rootfd, tmp, &st, 0) == -1) || - !S_ISDIR(st.st_mode)) - errx(EX_OSFILE, "skeleton `%s' is not a directory or " - "does not exist", cnf->dotdir); + if (sh != NULL) { + snprintf(shellpath, sizeof(shellpath), "%s/%s", p, sh); + if (access(shellpath, X_OK) == 0) + return shellpath; + } else + for (i = 0; i < _UC_MAXSHELLS && shells[i] != NULL; i++) { + snprintf(shellpath, sizeof(shellpath), "%s/%s", p, shells[i]); + if (access(shellpath, X_OK) == 0) + return shellpath; + } + } + if (sh == NULL) + errx(EX_OSFILE, "can't find shell `%s' in shell paths", sh); + errx(EX_CONFIG, "no default shell available or defined"); + return NULL; } +} - if ((arg = getarg(args, 's')) != NULL) - cnf->shell_default = arg->val; +static char * +pw_shellpolicy(struct userconf * cnf) +{ - if ((arg = getarg(args, 'w')) != NULL) - cnf->default_password = boolean_val(arg->val, cnf->default_password); - if (mode == M_ADD && getarg(args, 'D')) { - if (name != NULL) - errx(EX_DATAERR, "can't combine `-D' with `-n name'"); - if ((arg = getarg(args, 'u')) != NULL && (p = strtok(arg->val, ", \t")) != NULL) { - if ((cnf->min_uid = (uid_t) atoi(p)) == 0) - cnf->min_uid = 1000; - if ((p = strtok(NULL, " ,\t")) == NULL || (cnf->max_uid = (uid_t) atoi(p)) < cnf->min_uid) - cnf->max_uid = 32000; - } - if ((arg = getarg(args, 'i')) != NULL && (p = strtok(arg->val, ", \t")) != NULL) { - if ((cnf->min_gid = (gid_t) atoi(p)) == 0) - cnf->min_gid = 1000; - if ((p = strtok(NULL, " ,\t")) == NULL || (cnf->max_gid = (gid_t) atoi(p)) < cnf->min_gid) - cnf->max_gid = 32000; - } + return shell_path(cnf->shelldir, cnf->shells, cnf->shell_default); +} - if (write_userconfig(conf.config)) - return (EXIT_SUCCESS); - err(EX_IOERR, "config udpate"); - } +#define SALTSIZE 32 - if (name != NULL) - pwd = GETPWNAM(pw_checkname(name, 0)); +static char const chars[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./"; - if (id < 0 && name == NULL) - errx(EX_DATAERR, "user name or id required"); +char * +pw_pwcrypt(char *password) +{ + int i; + char salt[SALTSIZE + 1]; + char *cryptpw; + static char buf[256]; /* - * Update require that the user exists + * Calculate a salt value */ - if (mode == M_UPDATE) { - - if (name == NULL && pwd == NULL) /* Try harder */ - pwd = GETPWUID(id); - - if (pwd == NULL) { - if (name == NULL) - errx(EX_NOUSER, "no such uid `%ld'", id); - errx(EX_NOUSER, "no such user `%s'", name); - } + for (i = 0; i < SALTSIZE; i++) + salt[i] = chars[arc4random_uniform(sizeof(chars) - 1)]; + salt[SALTSIZE] = '\0'; - if (conf.userconf->nispasswd && *conf.userconf->nispasswd == '/') - valid_type = _PWF_NIS; + cryptpw = crypt(password, salt); + if (cryptpw == NULL) + errx(EX_CONFIG, "crypt(3) failure"); + return strcpy(buf, cryptpw); +} - if (PWF._altdir == PWF_REGULAR && - ((pwd->pw_fields & _PWF_SOURCE) != valid_type)) - errx(EX_NOUSER, "no such %s user `%s'", - valid_type == _PWF_FILES ? "local" : "NIS" , name); +static char * +pw_password(struct userconf * cnf, char const * user, bool dryrun) +{ + int i, l; + char pwbuf[32]; - if (name == NULL) - name = pwd->pw_name; + switch (cnf->default_password) { + case -1: /* Random password */ + l = (arc4random() % 8 + 8); /* 8 - 16 chars */ + for (i = 0; i < l; i++) + pwbuf[i] = chars[arc4random_uniform(sizeof(chars)-1)]; + pwbuf[i] = '\0'; /* - * The rest is edit code + * We give this information back to the user */ - if (conf.newname != NULL) { - if (strcmp(pwd->pw_name, "root") == 0) - errx(EX_DATAERR, "can't rename `root' account"); - pwd->pw_name = pw_checkname(conf.newname, 0); - edited = 1; - } - - if (id > 0 && isdigit((unsigned char)*arg->val)) { - pwd->pw_uid = (uid_t)id; - edited = 1; - if (pwd->pw_uid != 0 && strcmp(pwd->pw_name, "root") == 0) - errx(EX_DATAERR, "can't change uid of `root' account"); - if (pwd->pw_uid == 0 && strcmp(pwd->pw_name, "root") != 0) - warnx("WARNING: account `%s' will have a uid of 0 (superuser access!)", pwd->pw_name); + if (conf.fd == -1 && !dryrun) { + if (isatty(STDOUT_FILENO)) + printf("Password for '%s' is: ", user); + printf("%s\n", pwbuf); + fflush(stdout); } + break; - if ((arg = getarg(args, 'g')) != NULL && pwd->pw_uid != 0) { /* Already checked this */ - gid_t newgid = (gid_t) GETGRNAM(cnf->default_group)->gr_gid; - if (newgid != pwd->pw_gid) { - edited = 1; - pwd->pw_gid = newgid; - } - } + case -2: /* No password at all! */ + return ""; - if ((arg = getarg(args, 'p')) != NULL) { - if (*arg->val == '\0' || strcmp(arg->val, "0") == 0) { - if (pwd->pw_change != 0) { - pwd->pw_change = 0; - edited = 1; - } - } - else { - time_t now = time(NULL); - time_t expire = parse_date(now, arg->val); + case 0: /* No login - default */ + default: + return "*"; - if (pwd->pw_change != expire) { - pwd->pw_change = expire; - edited = 1; - } - } - } + case 1: /* user's name */ + strlcpy(pwbuf, user, sizeof(pwbuf)); + break; + } + return pw_pwcrypt(pwbuf); +} - if ((arg = getarg(args, 'e')) != NULL) { - if (*arg->val == '\0' || strcmp(arg->val, "0") == 0) { - if (pwd->pw_expire != 0) { - pwd->pw_expire = 0; - edited = 1; - } - } - else { - time_t now = time(NULL); - time_t expire = parse_date(now, arg->val); +static int +print_user(struct passwd * pwd, bool pretty, bool v7) +{ + int j; + char *p; + struct group *grp = GETGRGID(pwd->pw_gid); + char uname[60] = "User &", office[60] = "[None]", + wphone[60] = "[None]", hphone[60] = "[None]"; + char acexpire[32] = "[None]", pwexpire[32] = "[None]"; + struct tm * tptr; + + if (!pretty) { + p = v7 ? pw_make_v7(pwd) : pw_make(pwd); + printf("%s\n", p); + free(p); + return (EXIT_SUCCESS); + } - if (pwd->pw_expire != expire) { - pwd->pw_expire = expire; - edited = 1; + if ((p = strtok(pwd->pw_gecos, ",")) != NULL) { + strlcpy(uname, p, sizeof(uname)); + if ((p = strtok(NULL, ",")) != NULL) { + strlcpy(office, p, sizeof(office)); + if ((p = strtok(NULL, ",")) != NULL) { + strlcpy(wphone, p, sizeof(wphone)); + if ((p = strtok(NULL, "")) != NULL) { + strlcpy(hphone, p, sizeof(hphone)); } } } - - if ((arg = getarg(args, 's')) != NULL) { - char *shell = shell_path(cnf->shelldir, cnf->shells, arg->val); - if (shell == NULL) - shell = ""; - if (strcmp(shell, pwd->pw_shell) != 0) { - pwd->pw_shell = shell; - edited = 1; - } - } - - if (getarg(args, 'L')) { - if (cnf->default_class == NULL) - cnf->default_class = ""; - if (strcmp(pwd->pw_class, cnf->default_class) != 0) { - pwd->pw_class = cnf->default_class; - edited = 1; - } - } - - if ((arg = getarg(args, 'd')) != NULL) { - if (strcmp(pwd->pw_dir, arg->val)) - edited = 1; - if (stat(pwd->pw_dir = arg->val, &st) == -1) { - if (getarg(args, 'm') == NULL && strcmp(pwd->pw_dir, "/nonexistent") != 0) - warnx("WARNING: home `%s' does not exist", pwd->pw_dir); - } else if (!S_ISDIR(st.st_mode)) - warnx("WARNING: home `%s' is not a directory", pwd->pw_dir); - } - - if ((arg = getarg(args, 'w')) != NULL && conf.fd == -1) { - login_cap_t *lc; - - lc = login_getpwclass(pwd); - if (lc == NULL || - login_setcryptfmt(lc, "sha512", NULL) == NULL) - warn("setting crypt(3) format"); - login_close(lc); - pwd->pw_passwd = pw_password(cnf, pwd->pw_name); - edited = 1; - } - - } else { - login_cap_t *lc; - - /* - * Add code - */ - - if (name == NULL) /* Required */ - errx(EX_DATAERR, "login name required"); - else if ((pwd = GETPWNAM(name)) != NULL) /* Exists */ - errx(EX_DATAERR, "login name `%s' already exists", name); - - /* - * Now, set up defaults for a new user - */ - pwd = &fakeuser; - pwd->pw_name = name; - pwd->pw_class = cnf->default_class ? cnf->default_class : ""; - pwd->pw_uid = pw_uidpolicy(cnf, id); - pwd->pw_gid = pw_gidpolicy(args, pwd->pw_name, (gid_t) pwd->pw_uid); - pwd->pw_change = pw_pwdpolicy(cnf, args); - pwd->pw_expire = pw_exppolicy(cnf, args); - pwd->pw_dir = pw_homepolicy(cnf, args, pwd->pw_name); - pwd->pw_shell = pw_shellpolicy(cnf, args, NULL); - lc = login_getpwclass(pwd); - if (lc == NULL || login_setcryptfmt(lc, "sha512", NULL) == NULL) - warn("setting crypt(3) format"); - login_close(lc); - pwd->pw_passwd = pw_password(cnf, pwd->pw_name); - edited = 1; - - if (pwd->pw_uid == 0 && strcmp(pwd->pw_name, "root") != 0) - warnx("WARNING: new account `%s' has a uid of 0 (superuser access!)", pwd->pw_name); } - /* - * Shared add/edit code + * Handle '&' in gecos field */ - if (conf.gecos != NULL) { - if (strcmp(pwd->pw_gecos, conf.gecos) != 0) { - pwd->pw_gecos = conf.gecos; - edited = 1; + if ((p = strchr(uname, '&')) != NULL) { + int l = strlen(pwd->pw_name); + int m = strlen(p); + + memmove(p + l, p + 1, m); + memmove(p, pwd->pw_name, l); + *p = (char) toupper((unsigned char)*p); + } + if (pwd->pw_expire > (time_t)0 && (tptr = localtime(&pwd->pw_expire)) != NULL) + strftime(acexpire, sizeof acexpire, "%c", tptr); + if (pwd->pw_change > (time_t)0 && (tptr = localtime(&pwd->pw_change)) != NULL) + strftime(pwexpire, sizeof pwexpire, "%c", tptr); + printf("Login Name: %-15s #%-12ju Group: %-15s #%ju\n" + " Full Name: %s\n" + " Home: %-26.26s Class: %s\n" + " Shell: %-26.26s Office: %s\n" + "Work Phone: %-26.26s Home Phone: %s\n" + "Acc Expire: %-26.26s Pwd Expire: %s\n", + pwd->pw_name, (uintmax_t)pwd->pw_uid, + grp ? grp->gr_name : "(invalid)", (uintmax_t)pwd->pw_gid, + uname, pwd->pw_dir, pwd->pw_class, + pwd->pw_shell, office, wphone, hphone, + acexpire, pwexpire); + SETGRENT(); + j = 0; + while ((grp=GETGRENT()) != NULL) { + int i = 0; + if (grp->gr_mem != NULL) { + while (grp->gr_mem[i] != NULL) { + if (strcmp(grp->gr_mem[i], pwd->pw_name)==0) { + printf(j++ == 0 ? " Groups: %s" : ",%s", grp->gr_name); + break; + } + ++i; + } } } + ENDGRENT(); + printf("%s", j ? "\n" : ""); + return (EXIT_SUCCESS); +} - if (conf.fd != -1) - edited = set_passwd(pwd, mode == M_UPDATE); - +char * +pw_checkname(char *name, int gecos) +{ + char showch[8]; + const char *badchars, *ch, *showtype; + int reject; + + ch = name; + reject = 0; + if (gecos) { + /* See if the name is valid as a gecos (comment) field. */ + badchars = ":!@"; + showtype = "gecos field"; + } else { + /* See if the name is valid as a userid or group. */ + badchars = " ,\t:+&#%$^()!@~*?<>=|\\/\""; + showtype = "userid/group name"; + /* Userids and groups can not have a leading '-'. */ + if (*ch == '-') + reject = 1; + } + if (!reject) { + while (*ch) { + if (strchr(badchars, *ch) != NULL || *ch < ' ' || + *ch == 127) { + reject = 1; + break; + } + /* 8-bit characters are only allowed in GECOS fields */ + if (!gecos && (*ch & 0x80)) { + reject = 1; + break; + } + ch++; + } + } + /* + * A `$' is allowed as the final character for userids and groups, + * mainly for the benefit of samba. + */ + if (reject && !gecos) { + if (*ch == '$' && *(ch + 1) == '\0') { + reject = 0; + ch++; + } + } + if (reject) { + snprintf(showch, sizeof(showch), (*ch >= ' ' && *ch < 127) + ? "`%c'" : "0x%02x", *ch); + errx(EX_DATAERR, "invalid character %s at position %td in %s", + showch, (ch - name), showtype); + } + if (!gecos && (ch - name) > LOGNAMESIZE) + errx(EX_USAGE, "name too long `%s' (max is %d)", name, + LOGNAMESIZE); + + return (name); +} + +static void +rmat(uid_t uid) +{ + DIR *d = opendir("/var/at/jobs"); + + if (d != NULL) { + struct dirent *e; + + while ((e = readdir(d)) != NULL) { + struct stat st; + + if (strncmp(e->d_name, ".lock", 5) != 0 && + stat(e->d_name, &st) == 0 && + !S_ISDIR(st.st_mode) && + st.st_uid == uid) { + char tmp[MAXPATHLEN]; + + snprintf(tmp, sizeof(tmp), "/usr/bin/atrm %s", e->d_name); + system(tmp); + } + } + closedir(d); + } +} + +static void +rmopie(char const * name) +{ + char tmp[1014]; + FILE *fp; + int fd; + size_t len; + off_t atofs = 0; + + if ((fd = openat(conf.rootfd, "etc/opiekeys", O_RDWR)) == -1) + return; + + fp = fdopen(fd, "r+"); + len = strlen(name); + + while (fgets(tmp, sizeof(tmp), fp) != NULL) { + if (strncmp(name, tmp, len) == 0 && tmp[len]==' ') { + /* Comment username out */ + if (fseek(fp, atofs, SEEK_SET) == 0) + fwrite("#", 1, 1, fp); + break; + } + atofs = ftell(fp); + } /* - * Special case: -N only displays & exits + * If we got an error of any sort, don't update! */ - if (conf.dryrun) - return print_user(pwd); + fclose(fp); +} + +int +pw_user_next(int argc, char **argv, char *name __unused) +{ + struct userconf *cnf = NULL; + const char *cfg = NULL; + int ch; + bool quiet = false; + uid_t next; + + while ((ch = getopt(argc, argv, "Cq")) != -1) { + switch (ch) { + case 'C': + cfg = optarg; + break; + case 'q': + quiet; + break; + } + } + + if (quiet) + freopen(_PATH_DEVNULL, "w", stderr); + + cnf = get_userconfig(cfg); + + next = pw_uidpolicy(cnf, -1); + + printf("%ju:", (uintmax_t)next); + pw_groupnext(cnf, quiet); + + return (EXIT_SUCCESS); +} + +int +pw_user_show(int argc, char **argv, char *arg1) +{ + struct passwd *pwd = NULL; + char *name = NULL; + uid_t id = -1; + int ch; + bool all = false; + bool pretty = false; + bool force = false; + bool v7 = false; + bool quiet = false; + + if (arg1 != NULL) { + if (strspn(arg1, "0123456789") == strlen(arg1)) + id = pw_checkid(arg1, UID_MAX); + else + name = arg1; + } + + while ((ch = getopt(argc, argv, "C:qn:u:FPa7")) != -1) { + switch (ch) { + case 'C': + /* ignore compatibility */ + break; + case 'q': + quiet = true; + break; + case 'n': + name = optarg; + break; + case 'u': + id = pw_checkid(optarg, UID_MAX); + break; + case 'F': + force = true; + break; + case 'P': + pretty = true; + break; + case 'a': + all = true; + break; + case 7: + v7 = true; + break; + } + } + + if (quiet) + freopen(_PATH_DEVNULL, "w", stderr); + + if (all) { + SETPWENT(); + while ((pwd = GETPWENT()) != NULL) + print_user(pwd, pretty, v7); + ENDPWENT(); + return (EXIT_SUCCESS); + } + + if (id < 0 && name == NULL) + errx(EX_DATAERR, "username or id required"); + + pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id); + if (pwd == NULL) { + if (force) { + pwd = &fakeuser; + } else { + if (name == NULL) + errx(EX_NOUSER, "no such uid `%ju'", + (uintmax_t) id); + errx(EX_NOUSER, "no such user `%s'", name); + } + } + + return (print_user(pwd, pretty, v7)); +} + +int +pw_user_del(int argc, char **argv, char *arg1) +{ + struct userconf *cnf = NULL; + struct passwd *pwd = NULL; + struct group *gr, *grp; + char *name = NULL; + char grname[MAXLOGNAME]; + char *nispasswd = NULL; + char file[MAXPATHLEN]; + char home[MAXPATHLEN]; + const char *cfg = NULL; + struct stat st; + uid_t id; + int ch, rc; + bool nis = false; + bool deletehome = false; + bool quiet = false; + + if (arg1 != NULL) { + if (strspn(arg1, "0123456789") == strlen(arg1)) + id = pw_checkid(arg1, UID_MAX); + else + name = arg1; + } + + while ((ch = getopt(argc, argv, "C:qn:u:rYy:")) != -1) { + switch (ch) { + case 'C': + cfg = optarg; + break; + case 'q': + quiet = true; + break; + case 'n': + name = optarg; + break; + case 'u': + id = pw_checkid(optarg, UID_MAX); + break; + case 'r': + deletehome = true; + break; + case 'y': + nispasswd = optarg; + break; + case 'Y': + nis = true; + break; + } + } + + if (quiet) + freopen(_PATH_DEVNULL, "w", stderr); + + if (id < 0 && name == NULL) + errx(EX_DATAERR, "username or id required"); + + cnf = get_userconfig(cfg); + + if (nispasswd == NULL) + nispasswd = cnf->nispasswd; + + pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id); + if (pwd == NULL) { + if (name == NULL) + errx(EX_NOUSER, "no such uid `%ju'", (uintmax_t) id); + errx(EX_NOUSER, "no such user `%s'", name); + } + + if (PWF._altdir == PWF_REGULAR && + ((pwd->pw_fields & _PWF_SOURCE) != _PWF_FILES)) { + if ((pwd->pw_fields & _PWF_SOURCE) == _PWF_NIS) { + if (!nis && nispasswd && *nispasswd != '/') + errx(EX_NOUSER, "Cannot remove NIS user `%s'", + name); + } else { + errx(EX_NOUSER, "Cannot remove non local user `%s'", + name); + } + } + + id = pwd->pw_uid; + if (name == NULL) + name = pwd->pw_name; + + if (strcmp(pwd->pw_name, "root") == 0) + errx(EX_DATAERR, "cannot remove user 'root'"); + + /* Remove opie record from /etc/opiekeys */ + if (PWALTDIR() != PWF_ALT) + rmopie(pwd->pw_name); + + if (!PWALTDIR()) { + /* Remove crontabs */ + snprintf(file, sizeof(file), "/var/cron/tabs/%s", pwd->pw_name); + if (access(file, F_OK) == 0) { + snprintf(file, sizeof(file), "crontab -u %s -r", pwd->pw_name); + system(file); + } + } + + /* + * Save these for later, since contents of pwd may be + * invalidated by deletion + */ + snprintf(file, sizeof(file), "%s/%s", _PATH_MAILDIR, pwd->pw_name); + strlcpy(home, pwd->pw_dir, sizeof(home)); + gr = GETGRGID(pwd->pw_gid); + if (gr != NULL) + strlcpy(grname, gr->gr_name, LOGNAMESIZE); + else + grname[0] = '\0'; + + rc = delpwent(pwd); + if (rc == -1) + err(EX_IOERR, "user '%s' does not exist", pwd->pw_name); + else if (rc != 0) + err(EX_IOERR, "passwd update"); + + if (nis && nispasswd && *nispasswd=='/') { + rc = delnispwent(nispasswd, name); + if (rc == -1) + warnx("WARNING: user '%s' does not exist in NIS passwd", + pwd->pw_name); + else if (rc != 0) + warn("WARNING: NIS passwd update"); + } + + grp = GETGRNAM(name); + if (grp != NULL && + (grp->gr_mem == NULL || *grp->gr_mem == NULL) && + strcmp(name, grname) == 0) + delgrent(GETGRNAM(name)); + SETGRENT(); + while ((grp = GETGRENT()) != NULL) { + int i, j; + char group[MAXLOGNAME]; + if (grp->gr_mem == NULL) + continue; + + for (i = 0; grp->gr_mem[i] != NULL; i++) { + if (strcmp(grp->gr_mem[i], name) != 0) + continue; + + for (j = i; grp->gr_mem[j] != NULL; j++) + grp->gr_mem[j] = grp->gr_mem[j+1]; + strlcpy(group, grp->gr_name, MAXLOGNAME); + chggrent(group, grp); + } + } + ENDGRENT(); + + pw_log(cnf, M_DELETE, W_USER, "%s(%ju) account removed", name, + (uintmax_t)id); + + /* Remove mail file */ + if (PWALTDIR() != PWF_ALT) + unlinkat(conf.rootfd, file + 1, 0); + + /* Remove at jobs */ + if (!PWALTDIR() && getpwuid(id) == NULL) + rmat(id); + + /* Remove home directory and contents */ + if (PWALTDIR() != PWF_ALT && deletehome && *home == '/' && + GETPWUID(id) == NULL && + fstatat(conf.rootfd, home + 1, &st, 0) != -1) { + rm_r(conf.rootfd, home, id); + pw_log(cnf, M_DELETE, W_USER, "%s(%ju) home '%s' %s" + "removed", name, (uintmax_t)id, home, + fstatat(conf.rootfd, home + 1, &st, 0) == -1 ? "" : "not " + "completely "); + } + + return (EXIT_SUCCESS); +} + +int +pw_user_lock(int argc, char **argv, char *arg1) +{ + int ch; + + while ((ch = getopt(argc, argv, "Cq")) != -1) { + switch (ch) { + case 'C': + case 'q': + /* compatibility */ + break; + } + } + + return (pw_userlock(arg1, M_LOCK)); +} + +int +pw_user_unlock(int argc, char **argv, char *arg1) +{ + int ch; + + while ((ch = getopt(argc, argv, "Cq")) != -1) { + switch (ch) { + case 'C': + case 'q': + /* compatibility */ + break; + } + } + + return (pw_userlock(arg1, M_UNLOCK)); +} + +static struct group * +group_from_name_or_id(char *name) +{ + const char *errstr = NULL; + struct group *grp; + uintmax_t id; + + if ((grp = GETGRNAM(name)) == NULL) { + id = strtounum(name, 0, GID_MAX, &errstr); + if (errstr) + errx(EX_NOUSER, "group `%s' does not exist", name); + grp = GETGRGID(id); + if (grp == NULL) + errx(EX_NOUSER, "group `%s' does not exist", name); + } + + return (grp); +} + +static void +split_groups(StringList **groups, char *groupsstr) +{ + struct group *grp; + char *p; + char tok[] = ", \t"; + + for (p = strtok(groupsstr, tok); p != NULL; p = strtok(NULL, tok)) { + grp = group_from_name_or_id(p); + if (*groups == NULL) + *groups = sl_init(); + sl_add(*groups, newstr(grp->gr_name)); + } +} + +static void +validate_grname(struct userconf *cnf, char *group) +{ + struct group *grp; + + if (group == NULL || *group == '\0') { + cnf->default_group = ""; + return; + } + grp = group_from_name_or_id(group); + cnf->default_group = newstr(grp->gr_name); +} + +static mode_t +validate_mode(char *mode) +{ + mode_t m; + void *set; + + if ((set = setmode(mode)) == NULL) + errx(EX_DATAERR, "invalid directory creation mode '%s'", mode); + + m = getmode(set, _DEF_DIRMODE); + free(set); + return (m); +} + +static void +mix_config(struct userconf *cmdcnf, struct userconf *cfg) +{ + + if (cmdcnf->default_password == 0) + cmdcnf->default_password = cfg->default_password; + if (cmdcnf->reuse_uids == 0) + cmdcnf->reuse_uids = cfg->reuse_uids; + if (cmdcnf->reuse_gids == 0) + cmdcnf->reuse_gids = cfg->reuse_gids; + if (cmdcnf->nispasswd == NULL) + cmdcnf->nispasswd = cfg->nispasswd; + if (cmdcnf->dotdir == NULL) + cmdcnf->dotdir = cfg->dotdir; + if (cmdcnf->newmail == NULL) + cmdcnf->newmail = cfg->newmail; + if (cmdcnf->logfile == NULL) + cmdcnf->logfile = cfg->logfile; + if (cmdcnf->home == NULL) + cmdcnf->home = cfg->home; + if (cmdcnf->homemode == 0) + cmdcnf->homemode = cfg->homemode; + if (cmdcnf->shelldir == NULL) + cmdcnf->shelldir = cfg->shelldir; + if (cmdcnf->shells == NULL) + cmdcnf->shells = cfg->shells; + if (cmdcnf->shell_default == NULL) + cmdcnf->shell_default = cfg->shell_default; + if (cmdcnf->default_group == NULL) + cmdcnf->default_group = cfg->default_group; + if (cmdcnf->groups == NULL) + cmdcnf->groups = cfg->groups; + if (cmdcnf->default_class == NULL) + cmdcnf->default_class = cfg->default_class; + if (cmdcnf->min_uid == 0) + cmdcnf->min_uid = cfg->min_uid; + if (cmdcnf->max_uid == 0) + cmdcnf->max_uid = cfg->max_uid; + if (cmdcnf->min_gid == 0) + cmdcnf->min_gid = cfg->min_gid; + if (cmdcnf->max_gid == 0) + cmdcnf->max_gid = cfg->max_gid; + if (cmdcnf->expire_days == 0) + cmdcnf->expire_days = cfg->expire_days; + if (cmdcnf->password_days == 0) + cmdcnf->password_days = cfg->password_days; +} + +int +pw_user_add(int argc, char **argv, char *arg1) +{ + struct userconf *cnf, *cmdcnf; + struct passwd *pwd; + struct group *grp; + struct stat st; + char args[] = "C:qn:u:c:d:e:p:g:G:mM:k:s:oL:i:w:h:H:Db:NPy:Y"; + char line[_PASSWORD_LEN+1], path[MAXPATHLEN]; + char *gecos, *homedir, *skel, *walk, *userid, *groupid, *grname; + char *default_passwd, *name, *p; + const char *cfg; + login_cap_t *lc; + FILE *pfp, *fp; + intmax_t id = -1; + time_t now; + int rc, ch, fd = -1; + size_t i; + bool dryrun, nis, pretty, quiet, createhome, precrypted, genconf; + + dryrun = nis = pretty = quiet = createhome = precrypted = false; + genconf = false; + gecos = homedir = skel = userid = groupid = default_passwd = NULL; + grname = name = NULL; + + if ((cmdcnf = calloc(1, sizeof(struct userconf))) == NULL) + err(EXIT_FAILURE, "calloc()"); + + if (arg1 != NULL) { + if (strspn(arg1, "0123456789") == strlen(arg1)) + id = pw_checkid(arg1, UID_MAX); + else + name = arg1; + } + + while ((ch = getopt(argc, argv, args)) != -1) { + switch (ch) { + case 'C': + cfg = optarg; + break; + case 'q': + quiet = true; + break; + case 'n': + name = optarg; + break; + case 'u': + userid = optarg; + break; + case 'c': + gecos = pw_checkname(optarg, 1); + break; + case 'd': + homedir = optarg; + break; + case 'e': + now = time(NULL); + cmdcnf->expire_days = parse_date(now, optarg); + break; + case 'p': + now = time(NULL); + cmdcnf->password_days = parse_date(now, optarg); + break; + case 'g': + validate_grname(cmdcnf, optarg); + grname = optarg; + break; + case 'G': + split_groups(&cmdcnf->groups, optarg); + break; + case 'm': + createhome = true; + break; + case 'M': + cmdcnf->homemode = validate_mode(optarg); + break; + case 'k': + walk = skel = optarg; + if (*walk == '/') + walk++; + if (fstatat(conf.rootfd, walk, &st, 0) == -1) + errx(EX_OSFILE, "skeleton `%s' does not " + "exists", skel); + if (!S_ISDIR(st.st_mode)) + errx(EX_OSFILE, "skeleton `%s' is not a " + "directory", skel); + cmdcnf->dotdir = skel; + break; + case 's': + cmdcnf->shell_default = optarg; + break; + case 'o': + conf.checkduplicate = false; + break; + case 'L': + cmdcnf->default_class = pw_checkname(optarg, 0); + break; + case 'i': + groupid = optarg; + break; + case 'w': + default_passwd = optarg; + break; + case 'H': + if (fd != -1) + errx(EX_USAGE, "'-h' and '-H' are mutually " + "exclusive options"); + fd = pw_checkfd(optarg); + precrypted = true; + if (fd == '-') + errx(EX_USAGE, "-H expects a file descriptor"); + break; + case 'h': + if (fd != -1) + errx(EX_USAGE, "'-h' and '-H' are mutually " + "exclusive options"); + fd = pw_checkfd(optarg); + break; + case 'D': + genconf = true; + break; + case 'b': + cmdcnf->home = optarg; + break; + case 'N': + dryrun = true; + break; + case 'P': + pretty = true; + break; + case 'y': + cmdcnf->nispasswd = optarg; + break; + case 'Y': + nis = true; + break; + } + } + + if (geteuid() != 0 && ! dryrun) + errx(EX_NOPERM, "you must be root"); + + if (quiet) + freopen(_PATH_DEVNULL, "w", stderr); + + cnf = get_userconfig(cfg); + + mix_config(cmdcnf, cnf); + if (default_passwd) + cmdcnf->default_password = boolean_val(default_passwd, + cnf->default_password); + if (genconf) { + if (name != NULL) + errx(EX_DATAERR, "can't combine `-D' with `-n name'"); + if (userid != NULL) { + if ((p = strtok(userid, ", \t")) != NULL) + cmdcnf->min_uid = pw_checkid(p, UID_MAX); + if (cmdcnf->min_uid == 0) + cmdcnf->min_uid = 1000; + if ((p = strtok(NULL, " ,\t")) != NULL) + cmdcnf->max_uid = pw_checkid(p, UID_MAX); + if (cmdcnf->max_uid == 0) + cmdcnf->max_uid = 32000; + } + if (groupid != NULL) { + if ((p = strtok(groupid, ", \t")) != NULL) + cmdcnf->min_gid = pw_checkid(p, GID_MAX); + if (cmdcnf->min_gid == 0) + cmdcnf->min_gid = 1000; + if ((p = strtok(NULL, " ,\t")) != NULL) + cmdcnf->max_gid = pw_checkid(p, GID_MAX); + if (cmdcnf->max_gid == 0) + cmdcnf->max_gid = 32000; + } + if (write_userconfig(cmdcnf, cfg)) + return (EXIT_SUCCESS); + err(EX_IOERR, "config update"); + } + + if (userid) + id = pw_checkid(userid, UID_MAX); + if (id < 0 && name == NULL) + errx(EX_DATAERR, "user name or id required"); - if (mode == M_ADD) { - edited = 1; /* Always */ - rc = addpwent(pwd); + if (name == NULL) + errx(EX_DATAERR, "login name required"); + + pwd = &fakeuser; + pwd->pw_name = name; + pwd->pw_class = cmdcnf->default_class ? cmdcnf->default_class : ""; + pwd->pw_uid = pw_uidpolicy(cmdcnf, id); + pwd->pw_gid = pw_gidpolicy(cnf, grname, pwd->pw_name, + (gid_t) pwd->pw_uid, dryrun); + pwd->pw_change = cmdcnf->password_days; + pwd->pw_expire = cmdcnf->expire_days; + pwd->pw_dir = pw_homepolicy(cmdcnf, homedir, pwd->pw_name); + pwd->pw_shell = pw_shellpolicy(cmdcnf); + lc = login_getpwclass(pwd); + if (lc == NULL || login_setcryptfmt(lc, "sha512", NULL) == NULL) + warn("setting crypt(3) format"); + login_close(lc); + pwd->pw_passwd = pw_password(cmdcnf, pwd->pw_name, dryrun); + if (pwd->pw_uid == 0 && strcmp(pwd->pw_name, "root") != 0) + warnx("WARNING: new account `%s' has a uid of 0 " + "(superuser access!)", pwd->pw_name); + if (gecos) + pwd->pw_gecos = gecos; + + if (fd != -1) + pw_set_passwd(pwd, fd, precrypted, false); + + if (dryrun) + return (print_user(pwd, pretty, false)); + + if ((rc = addpwent(pwd)) != 0) { if (rc == -1) errx(EX_IOERR, "user '%s' already exists", pwd->pw_name); else if (rc != 0) err(EX_IOERR, "passwd file update"); - if (cnf->nispasswd && *cnf->nispasswd=='/') { - rc = addnispwent(cnf->nispasswd, pwd); - if (rc == -1) - warnx("User '%s' already exists in NIS passwd", pwd->pw_name); - else if (rc != 0) - warn("NIS passwd update"); - /* NOTE: we treat NIS-only update errors as non-fatal */ - } - } else if (mode == M_UPDATE && edited) /* Only updated this if required */ - perform_chgpwent(name, pwd); - - /* - * Ok, user is created or changed - now edit group file - */ - - if (mode == M_ADD || getarg(args, 'G') != NULL) { - int j; - size_t i; - /* First remove the user from all group */ - SETGRENT(); - while ((grp = GETGRENT()) != NULL) { - char group[MAXLOGNAME]; - if (grp->gr_mem == NULL) - continue; - for (i = 0; grp->gr_mem[i] != NULL; i++) { - if (strcmp(grp->gr_mem[i] , pwd->pw_name) != 0) - continue; - for (j = i; grp->gr_mem[j] != NULL ; j++) - grp->gr_mem[j] = grp->gr_mem[j+1]; - strlcpy(group, grp->gr_name, MAXLOGNAME); - chggrent(group, grp); - } - } - ENDGRENT(); + } + if (nis && cmdcnf->nispasswd && *cmdcnf->nispasswd == '/') { + printf("%s\n", cmdcnf->nispasswd); + rc = addnispwent(cmdcnf->nispasswd, pwd); + if (rc == -1) + warnx("User '%s' already exists in NIS passwd", pwd->pw_name); + else if (rc != 0) + warn("NIS passwd update"); + /* NOTE: we treat NIS-only update errors as non-fatal */ + } - /* now add to group where needed */ - for (i = 0; i < cnf->groups->sl_cur; i++) { - grp = GETGRNAM(cnf->groups->sl_str[i]); + if (cmdcnf->groups != NULL) { + for (i = 0; i < cmdcnf->groups->sl_cur; i++) { + grp = GETGRNAM(cmdcnf->groups->sl_str[i]); grp = gr_add(grp, pwd->pw_name); /* * grp can only be NULL in 2 cases: @@ -736,39 +1336,28 @@ pw_user(int mode, char *name, long id, struct cargs * args) } } - - /* go get a current version of pwd */ pwd = GETPWNAM(name); - if (pwd == NULL) { - /* This will fail when we rename, so special case that */ - if (mode == M_UPDATE && conf.newname != NULL) { - name = conf.newname; /* update new name */ - pwd = GETPWNAM(name); /* refetch renamed rec */ - } - } - if (pwd == NULL) /* can't go on without this */ + if (pwd == NULL) errx(EX_NOUSER, "user '%s' disappeared during update", name); grp = GETGRGID(pwd->pw_gid); - pw_log(cnf, mode, W_USER, "%s(%ju):%s(%ju):%s:%s:%s", + pw_log(cnf, M_ADD, W_USER, "%s(%ju):%s(%ju):%s:%s:%s", pwd->pw_name, (uintmax_t)pwd->pw_uid, grp ? grp->gr_name : "unknown", (uintmax_t)(grp ? grp->gr_gid : (uid_t)-1), pwd->pw_gecos, pwd->pw_dir, pwd->pw_shell); /* - * If adding, let's touch and chown the user's mail file. This is not + * let's touch and chown the user's mail file. This is not * strictly necessary under BSD with a 0755 maildir but it also * doesn't hurt anything to create the empty mailfile */ - if (mode == M_ADD) { - if (PWALTDIR() != PWF_ALT) { - snprintf(path, sizeof(path), "%s/%s", _PATH_MAILDIR, - pwd->pw_name); - close(openat(conf.rootfd, path +1, O_RDWR | O_CREAT, - 0600)); /* Preserve contents & mtime */ - fchownat(conf.rootfd, path + 1, pwd->pw_uid, - pwd->pw_gid, AT_SYMLINK_NOFOLLOW); - } + if (PWALTDIR() != PWF_ALT) { + snprintf(path, sizeof(path), "%s/%s", _PATH_MAILDIR, + pwd->pw_name); + /* Preserve contents & mtime */ + close(openat(conf.rootfd, path +1, O_RDWR | O_CREAT, 0600)); + fchownat(conf.rootfd, path + 1, pwd->pw_uid, pwd->pw_gid, + AT_SYMLINK_NOFOLLOW); } /* @@ -776,318 +1365,170 @@ pw_user(int mode, char *name, long id, struct cargs * args) * that this also `works' for editing users if -m is used, but * existing files will *not* be overwritten. */ - if (PWALTDIR() != PWF_ALT && getarg(args, 'm') != NULL && pwd->pw_dir && + if (PWALTDIR() != PWF_ALT && createhome && pwd->pw_dir && *pwd->pw_dir == '/' && pwd->pw_dir[1]) - create_and_populate_homedir(pwd); + create_and_populate_homedir(cmdcnf, pwd, cmdcnf->dotdir, + cmdcnf->homemode, false); - /* - * Finally, send mail to the new user as well, if we are asked to - */ - if (mode == M_ADD && !PWALTDIR() && cnf->newmail && *cnf->newmail && (fp = fopen(cnf->newmail, "r")) != NULL) { - FILE *pfp = popen(_PATH_SENDMAIL " -t", "w"); - - if (pfp == NULL) + if (!PWALTDIR() && cmdcnf->newmail && *cmdcnf->newmail && + (fp = fopen(cnf->newmail, "r")) != NULL) { + if ((pfp = popen(_PATH_SENDMAIL " -t", "w")) == NULL) warn("sendmail"); else { - fprintf(pfp, "From: root\n" "To: %s\n" "Subject: Welcome!\n\n", pwd->pw_name); + fprintf(pfp, "From: root\n" "To: %s\n" + "Subject: Welcome!\n\n", pwd->pw_name); while (fgets(line, sizeof(line), fp) != NULL) { /* Do substitutions? */ fputs(line, pfp); } pclose(pfp); - pw_log(cnf, mode, W_USER, "%s(%ju) new user mail sent", + pw_log(cnf, M_ADD, W_USER, "%s(%ju) new user mail sent", pwd->pw_name, (uintmax_t)pwd->pw_uid); } fclose(fp); } - return EXIT_SUCCESS; -} - - -static uid_t -pw_uidpolicy(struct userconf * cnf, long id) -{ - struct passwd *pwd; - uid_t uid = (uid_t) - 1; - - /* - * Check the given uid, if any - */ - if (id >= 0) { - uid = (uid_t) id; - - if ((pwd = GETPWUID(uid)) != NULL && conf.checkduplicate) - errx(EX_DATAERR, "uid `%ju' has already been allocated", - (uintmax_t)pwd->pw_uid); - } else { - struct bitmap bm; - - /* - * We need to allocate the next available uid under one of - * two policies a) Grab the first unused uid b) Grab the - * highest possible unused uid - */ - if (cnf->min_uid >= cnf->max_uid) { /* Sanity - * claus^H^H^H^Hheck */ - cnf->min_uid = 1000; - cnf->max_uid = 32000; - } - bm = bm_alloc(cnf->max_uid - cnf->min_uid + 1); - - /* - * Now, let's fill the bitmap from the password file - */ - SETPWENT(); - while ((pwd = GETPWENT()) != NULL) - if (pwd->pw_uid >= (uid_t) cnf->min_uid && pwd->pw_uid <= (uid_t) cnf->max_uid) - bm_setbit(&bm, pwd->pw_uid - cnf->min_uid); - ENDPWENT(); - - /* - * Then apply the policy, with fallback to reuse if necessary - */ - if (cnf->reuse_uids || (uid = (uid_t) (bm_lastset(&bm) + cnf->min_uid + 1)) > cnf->max_uid) - uid = (uid_t) (bm_firstunset(&bm) + cnf->min_uid); - - /* - * Another sanity check - */ - if (uid < cnf->min_uid || uid > cnf->max_uid) - errx(EX_SOFTWARE, "unable to allocate a new uid - range fully used"); - bm_dealloc(&bm); - } - return uid; -} - - -static uid_t -pw_gidpolicy(struct cargs * args, char *nam, gid_t prefer) -{ - struct group *grp; - gid_t gid = (uid_t) - 1; - struct carg *a_gid = getarg(args, 'g'); - struct userconf *cnf = conf.userconf; - - /* - * If no arg given, see if default can help out - */ - if (a_gid == NULL && cnf->default_group && *cnf->default_group) - a_gid = addarg(args, 'g', cnf->default_group); - - /* - * Check the given gid, if any - */ - SETGRENT(); - if (a_gid != NULL) { - if ((grp = GETGRNAM(a_gid->val)) == NULL) { - gid = (gid_t) atol(a_gid->val); - if ((gid == 0 && !isdigit((unsigned char)*a_gid->val)) || (grp = GETGRGID(gid)) == NULL) - errx(EX_NOUSER, "group `%s' is not defined", a_gid->val); - } - gid = grp->gr_gid; - } else if ((grp = GETGRNAM(nam)) != NULL && - (grp->gr_mem == NULL || grp->gr_mem[0] == NULL)) { - gid = grp->gr_gid; /* Already created? Use it anyway... */ - } else { - gid_t grid = -1; - - /* - * We need to auto-create a group with the user's name. We - * can send all the appropriate output to our sister routine - * bit first see if we can create a group with gid==uid so we - * can keep the user and group ids in sync. We purposely do - * NOT check the gid range if we can force the sync. If the - * user's name dups an existing group, then the group add - * function will happily handle that case for us and exit. - */ - if (GETGRGID(prefer) == NULL) - grid = prefer; - if (conf.dryrun) { - gid = pw_groupnext(cnf, true); - } else { - pw_group(M_ADD, nam, grid, NULL); - if ((grp = GETGRNAM(nam)) != NULL) - gid = grp->gr_gid; - } - } - ENDGRENT(); - return gid; -} - - -static time_t -pw_pwdpolicy(struct userconf * cnf, struct cargs * args) -{ - time_t result = 0; - time_t now = time(NULL); - struct carg *arg = getarg(args, 'p'); - - if (arg != NULL) { - if ((result = parse_date(now, arg->val)) == now) - errx(EX_DATAERR, "invalid date/time `%s'", arg->val); - } else if (cnf->password_days > 0) - result = now + ((long) cnf->password_days * 86400L); - return result; -} - - -static time_t -pw_exppolicy(struct userconf * cnf, struct cargs * args) -{ - time_t result = 0; - time_t now = time(NULL); - struct carg *arg = getarg(args, 'e'); - - if (arg != NULL) { - if ((result = parse_date(now, arg->val)) == now) - errx(EX_DATAERR, "invalid date/time `%s'", arg->val); - } else if (cnf->expire_days > 0) - result = now + ((long) cnf->expire_days * 86400L); - return result; -} - - -static char * -pw_homepolicy(struct userconf * cnf, struct cargs * args, char const * user) -{ - struct carg *arg = getarg(args, 'd'); - static char home[128]; - - if (arg) - return (arg->val); - - if (cnf->home == NULL || *cnf->home == '\0') - errx(EX_CONFIG, "no base home directory set"); - snprintf(home, sizeof(home), "%s/%s", cnf->home, user); + if (nis && nis_update() == 0) + pw_log(cnf, M_ADD, W_USER, "NIS maps updated"); - return (home); + return (EXIT_SUCCESS); } -static char * -shell_path(char const * path, char *shells[], char *sh) +int +pw_user_mod(int argc, char **argv, char *arg1) { - if (sh != NULL && (*sh == '/' || *sh == '\0')) - return sh; /* specified full path or forced none */ - else { - char *p; - char paths[_UC_MAXLINE]; - - /* - * We need to search paths - */ - strlcpy(paths, path, sizeof(paths)); - for (p = strtok(paths, ": \t\r\n"); p != NULL; p = strtok(NULL, ": \t\r\n")) { - int i; - static char shellpath[256]; - - if (sh != NULL) { - snprintf(shellpath, sizeof(shellpath), "%s/%s", p, sh); - if (access(shellpath, X_OK) == 0) - return shellpath; - } else - for (i = 0; i < _UC_MAXSHELLS && shells[i] != NULL; i++) { - snprintf(shellpath, sizeof(shellpath), "%s/%s", p, shells[i]); - if (access(shellpath, X_OK) == 0) - return shellpath; - } - } - if (sh == NULL) - errx(EX_OSFILE, "can't find shell `%s' in shell paths", sh); - errx(EX_CONFIG, "no default shell available or defined"); - return NULL; + struct userconf *cnf; + struct passwd *pwd; + struct group *grp; + StringList *groups = NULL; + char args[] = "C:qn:u:c:d:e:p:g:G:mM:l:k:s:w:L:h:H:NPYy:"; + const char *cfg; + char *gecos, *homedir, *grname, *name, *newname, *walk, *skel, *shell; + char *passwd, *class, *nispasswd; + login_cap_t *lc; + struct stat st; + intmax_t id = -1; + int ch, fd = -1; + size_t i, j; + bool quiet, createhome, pretty, dryrun, nis, edited, docreatehome; + mode_t homemode = 0; + time_t expire_days, password_days, now, precrypted; + + expire_days = password_days = -1; + gecos = homedir = grname = name = newname = skel = shell =NULL; + passwd = NULL; + class = nispasswd = NULL; + quiet = createhome = pretty = dryrun = nis = precrypted = false; + edited = docreatehome = false; + + if (arg1 != NULL) { + if (strspn(arg1, "0123456789") == strlen(arg1)) + id = pw_checkid(arg1, UID_MAX); + else + name = arg1; } -} - -static char * -pw_shellpolicy(struct userconf * cnf, struct cargs * args, char *newshell) -{ - char *sh = newshell; - struct carg *arg = getarg(args, 's'); - - if (newshell == NULL && arg != NULL) - sh = arg->val; - return shell_path(cnf->shelldir, cnf->shells, sh ? sh : cnf->shell_default); -} - -#define SALTSIZE 32 - -static char const chars[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./"; - -char * -pw_pwcrypt(char *password) -{ - int i; - char salt[SALTSIZE + 1]; - char *cryptpw; - - static char buf[256]; - - /* - * Calculate a salt value - */ - for (i = 0; i < SALTSIZE; i++) - salt[i] = chars[arc4random_uniform(sizeof(chars) - 1)]; - salt[SALTSIZE] = '\0'; - - cryptpw = crypt(password, salt); - if (cryptpw == NULL) - errx(EX_CONFIG, "crypt(3) failure"); - return strcpy(buf, cryptpw); -} - - -static char * -pw_password(struct userconf * cnf, char const * user) -{ - int i, l; - char pwbuf[32]; - - switch (cnf->default_password) { - case -1: /* Random password */ - l = (arc4random() % 8 + 8); /* 8 - 16 chars */ - for (i = 0; i < l; i++) - pwbuf[i] = chars[arc4random_uniform(sizeof(chars)-1)]; - pwbuf[i] = '\0'; - - /* - * We give this information back to the user - */ - if (conf.fd == -1 && !conf.dryrun) { - if (isatty(STDOUT_FILENO)) - printf("Password for '%s' is: ", user); - printf("%s\n", pwbuf); - fflush(stdout); + while ((ch = getopt(argc, argv, args)) != -1) { + switch (ch) { + case 'C': + cfg = optarg; + break; + case 'q': + quiet = true; + break; + case 'n': + name = optarg; + break; + case 'u': + id = pw_checkid(optarg, UID_MAX); + break; + case 'c': + gecos = pw_checkname(optarg, 1); + break; + case 'd': + homedir = optarg; + break; + case 'e': + now = time(NULL); + expire_days = parse_date(now, optarg); + break; + case 'p': + now = time(NULL); + password_days = parse_date(now, optarg); + break; + case 'g': + group_from_name_or_id(optarg); + grname = optarg; + break; + case 'G': + split_groups(&groups, optarg); + break; + case 'm': + createhome = true; + break; + case 'M': + homemode = validate_mode(optarg); + break; + case 'l': + newname = optarg; + break; + case 'k': + walk = skel = optarg; + if (*walk == '/') + walk++; + if (fstatat(conf.rootfd, walk, &st, 0) == -1) + errx(EX_OSFILE, "skeleton `%s' does not " + "exists", skel); + if (!S_ISDIR(st.st_mode)) + errx(EX_OSFILE, "skeleton `%s' is not a " + "directory", skel); + break; + case 's': + shell = optarg; + break; + case 'w': + passwd = optarg; + break; + case 'L': + class = pw_checkname(optarg, 0); + break; + case 'H': + if (fd != -1) + errx(EX_USAGE, "'-h' and '-H' are mutually " + "exclusive options"); + fd = pw_checkfd(optarg); + precrypted = true; + if (fd == '-') + errx(EX_USAGE, "-H expects a file descriptor"); + break; + case 'h': + if (fd != -1) + errx(EX_USAGE, "'-h' and '-H' are mutually " + "exclusive options"); + fd = pw_checkfd(optarg); + break; + case 'N': + dryrun = true; + break; + case 'P': + pretty = true; + break; + case 'y': + nispasswd = optarg; + break; + case 'Y': + nis = true; + break; } - break; - - case -2: /* No password at all! */ - return ""; + } - case 0: /* No login - default */ - default: - return "*"; + if (geteuid() != 0 && ! dryrun) + errx(EX_NOPERM, "you must be root"); - case 1: /* user's name */ - strlcpy(pwbuf, user, sizeof(pwbuf)); - break; - } - return pw_pwcrypt(pwbuf); -} + if (quiet) + freopen(_PATH_DEVNULL, "w", stderr); -static int -pw_userdel(char *name, long id) -{ - struct passwd *pwd = NULL; - char file[MAXPATHLEN]; - char home[MAXPATHLEN]; - uid_t uid; - struct group *gr, *grp; - char grname[LOGNAMESIZE]; - int rc; - struct stat st; - int valid_type = _PWF_FILES; + cnf = get_userconfig(cfg); if (id < 0 && name == NULL) errx(EX_DATAERR, "username or id required"); @@ -1095,306 +1536,190 @@ pw_userdel(char *name, long id) pwd = (name != NULL) ? GETPWNAM(pw_checkname(name, 0)) : GETPWUID(id); if (pwd == NULL) { if (name == NULL) - errx(EX_NOUSER, "no such uid `%ld'", id); + errx(EX_NOUSER, "no such uid `%ju'", + (uintmax_t) id); errx(EX_NOUSER, "no such user `%s'", name); } - if (conf.userconf->nispasswd && *conf.userconf->nispasswd == '/') - valid_type = _PWF_NIS; - - if (PWF._altdir == PWF_REGULAR && - ((pwd->pw_fields & _PWF_SOURCE) != valid_type)) - errx(EX_NOUSER, "no such %s user `%s'", - valid_type == _PWF_FILES ? "local" : "NIS" , name); - - uid = pwd->pw_uid; if (name == NULL) name = pwd->pw_name; - if (strcmp(pwd->pw_name, "root") == 0) - errx(EX_DATAERR, "cannot remove user 'root'"); - - /* Remove opie record from /etc/opiekeys */ + if (nis && nispasswd == NULL) + nispasswd = cnf->nispasswd; - if (PWALTDIR() != PWF_ALT) - rmopie(pwd->pw_name); + if (PWF._altdir == PWF_REGULAR && + ((pwd->pw_fields & _PWF_SOURCE) != _PWF_FILES)) { + if ((pwd->pw_fields & _PWF_SOURCE) == _PWF_NIS) { + if (!nis && nispasswd && *nispasswd != '/') + errx(EX_NOUSER, "Cannot modify NIS user `%s'", + name); + } else { + errx(EX_NOUSER, "Cannot modify non local user `%s'", + name); + } + } - if (!PWALTDIR()) { - /* Remove crontabs */ - snprintf(file, sizeof(file), "/var/cron/tabs/%s", pwd->pw_name); - if (access(file, F_OK) == 0) { - snprintf(file, sizeof(file), "crontab -u %s -r", pwd->pw_name); - system(file); + if (newname) { + if (strcmp(pwd->pw_name, "root") == 0) + errx(EX_DATAERR, "can't rename `root' account"); + if (strcmp(pwd->pw_name, newname) != 0) { + pwd->pw_name = pw_checkname(newname, 0); + edited = true; } } - /* - * Save these for later, since contents of pwd may be - * invalidated by deletion - */ - snprintf(file, sizeof(file), "%s/%s", _PATH_MAILDIR, pwd->pw_name); - strlcpy(home, pwd->pw_dir, sizeof(home)); - gr = GETGRGID(pwd->pw_gid); - if (gr != NULL) - strlcpy(grname, gr->gr_name, LOGNAMESIZE); - else - grname[0] = '\0'; - rc = delpwent(pwd); - if (rc == -1) - err(EX_IOERR, "user '%s' does not exist", pwd->pw_name); - else if (rc != 0) - err(EX_IOERR, "passwd update"); + if (id > 0 && pwd->pw_uid != id) { + pwd->pw_uid = id; + edited = true; + if (pwd->pw_uid != 0 && strcmp(pwd->pw_name, "root") == 0) + errx(EX_DATAERR, "can't change uid of `root' account"); + if (pwd->pw_uid == 0 && strcmp(pwd->pw_name, "root") != 0) + warnx("WARNING: account `%s' will have a uid of 0 (superuser access!)", pwd->pw_name); + } - if (conf.userconf->nispasswd && *conf.userconf->nispasswd=='/') { - rc = delnispwent(conf.userconf->nispasswd, name); - if (rc == -1) - warnx("WARNING: user '%s' does not exist in NIS passwd", - pwd->pw_name); - else if (rc != 0) - warn("WARNING: NIS passwd update"); - /* non-fatal */ + if (grname && pwd->pw_uid != 0) { + grp = GETGRNAM(grname); + if (grp == NULL) + grp = GETGRGID(pw_checkid(grname, GID_MAX)); + if (grp->gr_gid != pwd->pw_gid) { + pwd->pw_gid = grp->gr_gid; + edited = true; + } } - grp = GETGRNAM(name); - if (grp != NULL && - (grp->gr_mem == NULL || *grp->gr_mem == NULL) && - strcmp(name, grname) == 0) - delgrent(GETGRNAM(name)); - SETGRENT(); - while ((grp = GETGRENT()) != NULL) { - int i, j; - char group[MAXLOGNAME]; - if (grp->gr_mem == NULL) - continue; + if (password_days >= 0 && pwd->pw_change != password_days) { + pwd->pw_change = password_days; + edited = true; + } - for (i = 0; grp->gr_mem[i] != NULL; i++) { - if (strcmp(grp->gr_mem[i], name) != 0) - continue; + if (expire_days >= 0 && pwd->pw_expire != expire_days) { + pwd->pw_expire = expire_days; + edited = true; + } - for (j = i; grp->gr_mem[j] != NULL; j++) - grp->gr_mem[j] = grp->gr_mem[j+1]; - strlcpy(group, grp->gr_name, MAXLOGNAME); - chggrent(group, grp); + if (shell) { + shell = shell_path(cnf->shelldir, cnf->shells, shell); + if (shell == NULL) + shell = ""; + if (strcmp(shell, pwd->pw_shell) != 0) { + pwd->pw_shell = shell; + edited = true; } } - ENDGRENT(); - - pw_log(conf.userconf, M_DELETE, W_USER, "%s(%ju) account removed", name, - (uintmax_t)uid); - /* Remove mail file */ - if (PWALTDIR() != PWF_ALT) - unlinkat(conf.rootfd, file + 1, 0); + if (class && strcmp(pwd->pw_class, class) != 0) { + pwd->pw_class = class; + edited = true; + } - /* Remove at jobs */ - if (!PWALTDIR() && getpwuid(uid) == NULL) - rmat(uid); + if (homedir && strcmp(pwd->pw_dir, homedir) != 0) { + pwd->pw_dir = homedir; + if (fstatat(conf.rootfd, pwd->pw_dir, &st, 0) == -1) { + if (!createhome) + warnx("WARNING: home `%s' does not exist", + pwd->pw_dir); + else + docreatehome = true; + } else if (!S_ISDIR(st.st_mode)) { + warnx("WARNING: home `%s' is not a directory", + pwd->pw_dir); + } + } - /* Remove home directory and contents */ - if (PWALTDIR() != PWF_ALT && conf.deletehome && *home == '/' && - getpwuid(uid) == NULL && - fstatat(conf.rootfd, home + 1, &st, 0) != -1) { - rm_r(conf.rootfd, home, uid); - pw_log(conf.userconf, M_DELETE, W_USER, "%s(%ju) home '%s' %s" - "removed", name, (uintmax_t)uid, home, - fstatat(conf.rootfd, home + 1, &st, 0) == -1 ? "" : "not " - "completely "); + if (passwd && conf.fd == -1) { + lc = login_getpwclass(pwd); + if (lc == NULL || login_setcryptfmt(lc, "sha512", NULL) == NULL) + warn("setting crypt(3) format"); + login_close(lc); + pwd->pw_passwd = pw_password(cnf, pwd->pw_name, dryrun); + edited = true; } - return (EXIT_SUCCESS); -} + if (gecos && strcmp(pwd->pw_gecos, gecos) != 0) { + pwd->pw_gecos = gecos; + edited = true; + } -static int -print_user(struct passwd * pwd) -{ - if (!conf.pretty) { - char *buf; + if (fd != -1) + edited = pw_set_passwd(pwd, fd, precrypted, true); - buf = conf.v7 ? pw_make_v7(pwd) : pw_make(pwd); - printf("%s\n", buf); - free(buf); - } else { - int j; - char *p; - struct group *grp = GETGRGID(pwd->pw_gid); - char uname[60] = "User &", office[60] = "[None]", - wphone[60] = "[None]", hphone[60] = "[None]"; - char acexpire[32] = "[None]", pwexpire[32] = "[None]"; - struct tm * tptr; - - if ((p = strtok(pwd->pw_gecos, ",")) != NULL) { - strlcpy(uname, p, sizeof(uname)); - if ((p = strtok(NULL, ",")) != NULL) { - strlcpy(office, p, sizeof(office)); - if ((p = strtok(NULL, ",")) != NULL) { - strlcpy(wphone, p, sizeof(wphone)); - if ((p = strtok(NULL, "")) != NULL) { - strlcpy(hphone, p, - sizeof(hphone)); - } - } - } - } - /* - * Handle '&' in gecos field - */ - if ((p = strchr(uname, '&')) != NULL) { - int l = strlen(pwd->pw_name); - int m = strlen(p); + if (dryrun) + return (print_user(pwd, pretty, false)); - memmove(p + l, p + 1, m); - memmove(p, pwd->pw_name, l); - *p = (char) toupper((unsigned char)*p); - } - if (pwd->pw_expire > (time_t)0 && (tptr = localtime(&pwd->pw_expire)) != NULL) - strftime(acexpire, sizeof acexpire, "%c", tptr); - if (pwd->pw_change > (time_t)0 && (tptr = localtime(&pwd->pw_change)) != NULL) - strftime(pwexpire, sizeof pwexpire, "%c", tptr); - printf("Login Name: %-15s #%-12ju Group: %-15s #%ju\n" - " Full Name: %s\n" - " Home: %-26.26s Class: %s\n" - " Shell: %-26.26s Office: %s\n" - "Work Phone: %-26.26s Home Phone: %s\n" - "Acc Expire: %-26.26s Pwd Expire: %s\n", - pwd->pw_name, (uintmax_t)pwd->pw_uid, - grp ? grp->gr_name : "(invalid)", (uintmax_t)pwd->pw_gid, - uname, pwd->pw_dir, pwd->pw_class, - pwd->pw_shell, office, wphone, hphone, - acexpire, pwexpire); - SETGRENT(); - j = 0; - while ((grp=GETGRENT()) != NULL) - { - int i = 0; - if (grp->gr_mem != NULL) { - while (grp->gr_mem[i] != NULL) - { - if (strcmp(grp->gr_mem[i], pwd->pw_name)==0) - { - printf(j++ == 0 ? " Groups: %s" : ",%s", grp->gr_name); - break; - } - ++i; - } + if (edited) /* Only updated this if required */ + perform_chgpwent(name, pwd, nis ? nispasswd : NULL); + /* Now perform the needed changes concern groups */ + if (groups != NULL) { + /* Delete User from groups using old name */ + SETGRENT(); + while ((grp = GETGRENT()) != NULL) { + if (grp->gr_mem == NULL) + continue; + for (i = 0; grp->gr_mem[i] != NULL; i++) { + if (strcmp(grp->gr_mem[i] , name) != 0) + continue; + for (j = i; grp->gr_mem[j] != NULL ; j++) + grp->gr_mem[j] = grp->gr_mem[j+1]; + chggrent(grp->gr_name, grp); + break; } } ENDGRENT(); - printf("%s", j ? "\n" : ""); - } - return EXIT_SUCCESS; -} - -char * -pw_checkname(char *name, int gecos) -{ - char showch[8]; - const char *badchars, *ch, *showtype; - int reject; - - ch = name; - reject = 0; - if (gecos) { - /* See if the name is valid as a gecos (comment) field. */ - badchars = ":!@"; - showtype = "gecos field"; - } else { - /* See if the name is valid as a userid or group. */ - badchars = " ,\t:+&#%$^()!@~*?<>=|\\/\""; - showtype = "userid/group name"; - /* Userids and groups can not have a leading '-'. */ - if (*ch == '-') - reject = 1; + /* Add the user to the needed groups */ + for (i = 0; i < groups->sl_cur; i++) { + grp = GETGRNAM(groups->sl_str[i]); + grp = gr_add(grp, pwd->pw_name); + if (grp == NULL) + continue; + chggrent(grp->gr_name, grp); + free(grp); + } } - if (!reject) { - while (*ch) { - if (strchr(badchars, *ch) != NULL || *ch < ' ' || - *ch == 127) { - reject = 1; - break; - } - /* 8-bit characters are only allowed in GECOS fields */ - if (!gecos && (*ch & 0x80)) { - reject = 1; + /* In case of rename we need to walk over the different groups */ + if (newname) { + SETGRENT(); + while ((grp = GETGRENT()) != NULL) { + if (grp->gr_mem == NULL) + continue; + for (i = 0; grp->gr_mem[i] != NULL; i++) { + if (strcmp(grp->gr_mem[i], name) != 0) + continue; + grp->gr_mem[i] = newname; + chggrent(grp->gr_name, grp); break; } - ch++; - } - } - /* - * A `$' is allowed as the final character for userids and groups, - * mainly for the benefit of samba. - */ - if (reject && !gecos) { - if (*ch == '$' && *(ch + 1) == '\0') { - reject = 0; - ch++; } } - if (reject) { - snprintf(showch, sizeof(showch), (*ch >= ' ' && *ch < 127) - ? "`%c'" : "0x%02x", *ch); - errx(EX_DATAERR, "invalid character %s at position %td in %s", - showch, (ch - name), showtype); - } - if (!gecos && (ch - name) > LOGNAMESIZE) - errx(EX_DATAERR, "name too long `%s' (max is %d)", name, - LOGNAMESIZE); - - return (name); -} - - -static void -rmat(uid_t uid) -{ - DIR *d = opendir("/var/at/jobs"); - - if (d != NULL) { - struct dirent *e; - - while ((e = readdir(d)) != NULL) { - struct stat st; - if (strncmp(e->d_name, ".lock", 5) != 0 && - stat(e->d_name, &st) == 0 && - !S_ISDIR(st.st_mode) && - st.st_uid == uid) { - char tmp[MAXPATHLEN]; + /* go get a current version of pwd */ + if (newname) + name = newname; + pwd = GETPWNAM(name); + if (pwd == NULL) + errx(EX_NOUSER, "user '%s' disappeared during update", name); + grp = GETGRGID(pwd->pw_gid); + pw_log(cnf, M_UPDATE, W_USER, "%s(%ju):%s(%ju):%s:%s:%s", + pwd->pw_name, (uintmax_t)pwd->pw_uid, + grp ? grp->gr_name : "unknown", + (uintmax_t)(grp ? grp->gr_gid : (uid_t)-1), + pwd->pw_gecos, pwd->pw_dir, pwd->pw_shell); - snprintf(tmp, sizeof(tmp), "/usr/bin/atrm %s", e->d_name); - system(tmp); - } - } - closedir(d); + /* + * Let's create and populate the user's home directory. Note + * that this also `works' for editing users if -m is used, but + * existing files will *not* be overwritten. + */ + if (PWALTDIR() != PWF_ALT && docreatehome && pwd->pw_dir && + *pwd->pw_dir == '/' && pwd->pw_dir[1]) { + if (!skel) + skel = cnf->dotdir; + if (homemode == 0) + homemode = cnf->homemode; + create_and_populate_homedir(cnf, pwd, skel, homemode, true); } -} - -static void -rmopie(char const * name) -{ - char tmp[1014]; - FILE *fp; - int fd; - size_t len; - off_t atofs = 0; - - if ((fd = openat(conf.rootfd, "etc/opiekeys", O_RDWR)) == -1) - return; - fp = fdopen(fd, "r+"); - len = strlen(name); + if (nis && nis_update() == 0) + pw_log(cnf, M_UPDATE, W_USER, "NIS maps updated"); - while (fgets(tmp, sizeof(tmp), fp) != NULL) { - if (strncmp(name, tmp, len) == 0 && tmp[len]==' ') { - /* Comment username out */ - if (fseek(fp, atofs, SEEK_SET) == 0) - fwrite("#", 1, 1, fp); - break; - } - atofs = ftell(fp); - } - /* - * If we got an error of any sort, don't update! - */ - fclose(fp); + return (EXIT_SUCCESS); } -- cgit v1.2.3 From 87f0bee696c8913c0fcbdd80fa382f1dc2004cb8 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sun, 2 Aug 2015 12:54:15 +0000 Subject: Fix regression: report again if a username already exists when creating it --- pw/pw_user.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index 8ff4159..172e5ef 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -1275,6 +1275,9 @@ pw_user_add(int argc, char **argv, char *arg1) if (name == NULL) errx(EX_DATAERR, "login name required"); + if (GETPWNAM(name) != NULL) + errx(EX_DATAERR, "login name `%s' already exists", name); + pwd = &fakeuser; pwd->pw_name = name; pwd->pw_class = cmdcnf->default_class ? cmdcnf->default_class : ""; -- cgit v1.2.3 From 4573132fd44c8bd71211a975ed21e9acbb58ca45 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sun, 2 Aug 2015 13:22:46 +0000 Subject: Cleanup a bit includes --- pw/pw_user.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index 172e5ef..b54cccb 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -30,23 +30,28 @@ static const char rcsid[] = "$FreeBSD$"; #endif /* not lint */ +#include +#include +#include +#include + #include +#include #include #include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include #include +#include #include +#include +#include +#include +#include +#include +#include + #include "pw.h" #include "bitmap.h" +#include "psdate.h" #define LOGNAMESIZE (MAXLOGNAME-1) -- cgit v1.2.3 From d13ab4fd48f03e64abf378665d5fe7e7cf53c379 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sun, 2 Aug 2015 13:32:23 +0000 Subject: Split some extra long lines --- pw/pw_user.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index b54cccb..33968ee 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -623,7 +623,8 @@ rmat(uid_t uid) st.st_uid == uid) { char tmp[MAXPATHLEN]; - snprintf(tmp, sizeof(tmp), "/usr/bin/atrm %s", e->d_name); + snprintf(tmp, sizeof(tmp), "/usr/bin/atrm %s", + e->d_name); system(tmp); } } @@ -869,7 +870,8 @@ pw_user_del(int argc, char **argv, char *arg1) /* Remove crontabs */ snprintf(file, sizeof(file), "/var/cron/tabs/%s", pwd->pw_name); if (access(file, F_OK) == 0) { - snprintf(file, sizeof(file), "crontab -u %s -r", pwd->pw_name); + snprintf(file, sizeof(file), "crontab -u %s -r", + pwd->pw_name); system(file); } } @@ -1321,7 +1323,8 @@ pw_user_add(int argc, char **argv, char *arg1) printf("%s\n", cmdcnf->nispasswd); rc = addnispwent(cmdcnf->nispasswd, pwd); if (rc == -1) - warnx("User '%s' already exists in NIS passwd", pwd->pw_name); + warnx("User '%s' already exists in NIS passwd", + pwd->pw_name); else if (rc != 0) warn("NIS passwd update"); /* NOTE: we treat NIS-only update errors as non-fatal */ @@ -1351,7 +1354,8 @@ pw_user_add(int argc, char **argv, char *arg1) grp = GETGRGID(pwd->pw_gid); pw_log(cnf, M_ADD, W_USER, "%s(%ju):%s(%ju):%s:%s:%s", pwd->pw_name, (uintmax_t)pwd->pw_uid, - grp ? grp->gr_name : "unknown", (uintmax_t)(grp ? grp->gr_gid : (uid_t)-1), + grp ? grp->gr_name : "unknown", + (uintmax_t)(grp ? grp->gr_gid : (uid_t)-1), pwd->pw_gecos, pwd->pw_dir, pwd->pw_shell); /* @@ -1582,7 +1586,8 @@ pw_user_mod(int argc, char **argv, char *arg1) if (pwd->pw_uid != 0 && strcmp(pwd->pw_name, "root") == 0) errx(EX_DATAERR, "can't change uid of `root' account"); if (pwd->pw_uid == 0 && strcmp(pwd->pw_name, "root") != 0) - warnx("WARNING: account `%s' will have a uid of 0 (superuser access!)", pwd->pw_name); + warnx("WARNING: account `%s' will have a uid of 0 " + "(superuser access!)", pwd->pw_name); } if (grname && pwd->pw_uid != 0) { -- cgit v1.2.3 From 5f0399d80c7e24560dcf6762d37aaa6b149ea0e2 Mon Sep 17 00:00:00 2001 From: Adrian Chadd Date: Mon, 3 Aug 2015 05:59:30 +0000 Subject: Actually set quiet to something. /usr/home/adrian/work/freebsd/head-embedded-2/src/usr.sbin/pw/pw_user.c: In function 'pw_user_next': /usr/home/adrian/work/freebsd/head-embedded-2/src/usr.sbin/pw/pw_user.c:680: warning: statement with no effect --- pw/pw_user.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index 33968ee..f1207e0 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -677,7 +677,7 @@ pw_user_next(int argc, char **argv, char *name __unused) cfg = optarg; break; case 'q': - quiet; + quiet = true; break; } } -- cgit v1.2.3 From e854cbea2a39ade7b1dc00a3143f699eee5cc9bb Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Mon, 3 Aug 2015 06:06:56 +0000 Subject: Fix bugs spotted by gcc Reported by: adrian --- pw/pw_user.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index f1207e0..b51a6cb 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -700,7 +700,7 @@ pw_user_show(int argc, char **argv, char *arg1) { struct passwd *pwd = NULL; char *name = NULL; - uid_t id = -1; + intmax_t id = -1; int ch; bool all = false; bool pretty = false; @@ -786,7 +786,7 @@ pw_user_del(int argc, char **argv, char *arg1) char home[MAXPATHLEN]; const char *cfg = NULL; struct stat st; - uid_t id; + intmax_t id = -1; int ch, rc; bool nis = false; bool deletehome = false; @@ -1423,8 +1423,9 @@ pw_user_mod(int argc, char **argv, char *arg1) int ch, fd = -1; size_t i, j; bool quiet, createhome, pretty, dryrun, nis, edited, docreatehome; + bool precrypted; mode_t homemode = 0; - time_t expire_days, password_days, now, precrypted; + time_t expire_days, password_days, now; expire_days = password_days = -1; gecos = homedir = grname = name = newname = skel = shell =NULL; -- cgit v1.2.3 From 8d2c73dba6fca1999679ef33013d4c28784d71ba Mon Sep 17 00:00:00 2001 From: Ed Schouten Date: Mon, 3 Aug 2015 22:07:50 +0000 Subject: Avoid calling strlen() where we can use the strspn() return value. --- pw/pw_user.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index b51a6cb..d9bce87 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -214,7 +214,7 @@ pw_userlock(char *arg1, int mode) if (arg1 == NULL) errx(EX_DATAERR, "username or id required"); - if (strspn(arg1, "0123456789") == strlen(arg1)) + if (arg1[strspn(arg1, "0123456789")] == '\0') id = pw_checkid(arg1, UID_MAX); else name = arg1; @@ -709,7 +709,7 @@ pw_user_show(int argc, char **argv, char *arg1) bool quiet = false; if (arg1 != NULL) { - if (strspn(arg1, "0123456789") == strlen(arg1)) + if (arg1[strspn(arg1, "0123456789")] == '\0') id = pw_checkid(arg1, UID_MAX); else name = arg1; @@ -793,7 +793,7 @@ pw_user_del(int argc, char **argv, char *arg1) bool quiet = false; if (arg1 != NULL) { - if (strspn(arg1, "0123456789") == strlen(arg1)) + if (arg1[strspn(arg1, "0123456789")] == '\0') id = pw_checkid(arg1, UID_MAX); else name = arg1; @@ -1124,7 +1124,7 @@ pw_user_add(int argc, char **argv, char *arg1) err(EXIT_FAILURE, "calloc()"); if (arg1 != NULL) { - if (strspn(arg1, "0123456789") == strlen(arg1)) + if (arg1[strspn(arg1, "0123456789")] == '\0') id = pw_checkid(arg1, UID_MAX); else name = arg1; @@ -1435,7 +1435,7 @@ pw_user_mod(int argc, char **argv, char *arg1) edited = docreatehome = false; if (arg1 != NULL) { - if (strspn(arg1, "0123456789") == strlen(arg1)) + if (arg1[strspn(arg1, "0123456789")] == '\0') id = pw_checkid(arg1, UID_MAX); else name = arg1; -- cgit v1.2.3 From d22586d60e6708b9addf1139d8733bdadde64c15 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Fri, 14 Aug 2015 13:39:55 +0000 Subject: Regression: fix pw usermod -w xxx Reported by: gjb --- pw/pw_user.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index d9bce87..5ccbd53 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -1645,6 +1645,8 @@ pw_user_mod(int argc, char **argv, char *arg1) if (lc == NULL || login_setcryptfmt(lc, "sha512", NULL) == NULL) warn("setting crypt(3) format"); login_close(lc); + cnf->default_password = boolean_val(passwd, + cnf->default_password); pwd->pw_passwd = pw_password(cnf, pwd->pw_name, dryrun); edited = true; } -- cgit v1.2.3 From 0eb538dcc100241473d7bc507f83a1dd45683b8c Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Fri, 21 Aug 2015 07:09:53 +0000 Subject: Fix useradd regression: Readd the function to create the parents home directory if it does not exists. if it is only a directory at the top level of the hierarchy symlink it into /usr as it used to be done before. Reported by: kevlo, adrian --- pw/pw_user.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index 5ccbd53..35eb1fb 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -38,6 +38,7 @@ static const char rcsid[] = #include #include #include +#include #include #include #include @@ -84,12 +85,77 @@ static char *shell_path(char const * path, char *shells[], char *sh); static void rmat(uid_t uid); static void rmopie(char const * name); +static void +mkdir_home_parents(int dfd, const char *dir) +{ + struct stat st; + char *dirs, *tmp; + + if (*dir != '/') + errx(EX_DATAERR, "invalid base directory for home '%s'", dir); + + dir++; + + if (fstatat(dfd, dir, &st, 0) != -1) { + if (S_ISDIR(st.st_mode)) + return; + errx(EX_OSFILE, "root home `/%s' is not a directory", dir); + } + + dirs = strdup(dir); + if (dirs == NULL) + errx(EX_UNAVAILABLE, "out of memory"); + + tmp = strrchr(dirs, '/'); + if (tmp == NULL) + return; + tmp[0] = '\0'; + + /* + * This is a kludge especially for Joerg :) + * If the home directory would be created in the root partition, then + * we really create it under /usr which is likely to have more space. + * But we create a symlink from cnf->home -> "/usr" -> cnf->home + */ + if (strchr(dirs, '/') == NULL) { + asprintf(&tmp, "usr/%s", dirs); + if (tmp == NULL) + errx(EX_UNAVAILABLE, "out of memory"); + if (mkdirat(dfd, tmp, _DEF_DIRMODE) != -1 || errno == EEXIST) { + fchownat(dfd, tmp, 0, 0, 0); + symlinkat(tmp, dfd, dirs + 1); + } + free(tmp); + } + tmp = dirs; + if (fstatat(dfd, dirs, &st, 0) == -1) { + while ((tmp = strchr(tmp + 1, '/')) != NULL) { + *tmp = '\0'; + if (fstatat(dfd, dirs, &st, 0) == -1) { + if (mkdirat(dfd, dirs, _DEF_DIRMODE) == -1) + err(EX_OSFILE, "'%s' (root home parent) is not a directory", dirs); + } + *tmp = '/'; + } + } + if (fstatat(dfd, dirs, &st, 0) == -1) { + if (mkdirat(dfd, dirs, _DEF_DIRMODE) == -1) + err(EX_OSFILE, "'%s' (root home parent) is not a directory", dirs); + fchownat(dfd, dirs, 0, 0, 0); + } + + free(dirs); +} + static void create_and_populate_homedir(struct userconf *cnf, struct passwd *pwd, const char *skeldir, mode_t homemode, bool update) { int skelfd = -1; + /* Create home parents directories */ + mkdir_home_parents(conf.rootfd, pwd->pw_dir); + if (skeldir != NULL && *skeldir != '\0') { if (*skeldir == '/') skeldir++; -- cgit v1.2.3 From 310937fee1f84f07d1175c78733da51de818f46e Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Fri, 21 Aug 2015 09:28:20 +0000 Subject: Fix /home symlink creation Add regression test about it --- pw/pw_user.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index 35eb1fb..61d468a 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -123,7 +123,7 @@ mkdir_home_parents(int dfd, const char *dir) errx(EX_UNAVAILABLE, "out of memory"); if (mkdirat(dfd, tmp, _DEF_DIRMODE) != -1 || errno == EEXIST) { fchownat(dfd, tmp, 0, 0, 0); - symlinkat(tmp, dfd, dirs + 1); + symlinkat(tmp, dfd, dirs); } free(tmp); } -- cgit v1.2.3 From 9c04af5e0b95f4cebcc065c168ec58a4851b4764 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 12 Sep 2015 08:24:25 +0000 Subject: Regression: fix pw usermod -d Mark the user has having been edited if -d option is passed to usermod and so the request change of home directory actually happen PR: 203052 Reported by: lenzi.sergio@gmail.com MFC after: 2 days --- pw/pw_user.c | 1 + 1 file changed, 1 insertion(+) (limited to 'pw/pw_user.c') diff --git a/pw/pw_user.c b/pw/pw_user.c index 61d468a..f133147 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -1694,6 +1694,7 @@ pw_user_mod(int argc, char **argv, char *arg1) if (homedir && strcmp(pwd->pw_dir, homedir) != 0) { pwd->pw_dir = homedir; + edited = true; if (fstatat(conf.rootfd, pwd->pw_dir, &st, 0) == -1) { if (!createhome) warnx("WARNING: home `%s' does not exist", -- cgit v1.2.3